CVE-2025-63401

Medium CVSS: 5.5

Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives

Vendor

Hcltech

Product

Dragon

CWE

CWE-79

Yayın Tarihi

2025-12-03 19:15:57

Güncelleme

2025-12-18 20:31:37

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Dragon MEDIUM Hcltech 2025

Referanslar

http://hcl.com http://hcltech.com https://excalibur-hcl.my.salesforce.com/sfc/p/#U0000000YO14/a/Pf000003dyQn/x0oUOgfHG6F0wUhpmSMcmXMuwO2GYuSf_duzWPRebao

Benzer Kayıtlar

High

CVE-2025-55263

HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source code or i…

Medium

CVE-2025-55264

HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a s…

High

CVE-2025-55261

HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his pri…

High

CVE-2025-55262

HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrieve sensiti…

Low

CVE-2025-55274

HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS misconfigurations includes the expo…

Low

CVE-2025-55275

HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurren…