cvebase

Hcltech Unica vulnerabilities

18 known vulnerabilities affecting hcltech/unica.

Total CVEs: 18
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 6, MEDIUM 11

Vulnerabilities

CVE-2025-62319 | P2 | CRITICAL | CVSS 9.8 | fixed in 25.1.1.0.1 | 2026-03-16
CWE-89: Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the injected condition evaluates to true or false. This
Source: NVD
CVE-2023-37498 | P3 | HIGH | CVSS 8.8 | fixed in 12.1.1 | 2023-08-03
A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges.
Source: NVD
CVE-2023-37497 | P3 | HIGH | CVSS 8.8 | fixed in 11.1.0.6 | ≥ 12.0, < 12.1.1 | 2023-08-03
CWE-611: The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.
Source: NVD
CVE-2025-51735 | P3 | HIGH | CVSS 7.5 | v12.0.0 | 2025-11-28
CWE-1236: CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.
Source: NVD
CVE-2025-31996 | P3 | HIGH | CVSS 7.5 | fixed in 25.1.0.1 | 2025-10-13
CWE-552: HCL Unica Platform is affected by unprotected files due to improper access controls. These files may contain sensitive information such as private or system information that can be exploited by attackers to compromise the application, infrastructure, or users.
Source: NVD
CVE-2021-27777 | P3 | HIGH | CVSS 7.5 | fixed in 12.1.1 | 2022-05-12
CWE-91: XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. Attackers can exploit this vulnerability to manipulate XML content and inject malicious external entity references.
Source: NVD
CVE-2025-52616 | P3 | HIGH | CVSS 7.5 | v12.1.10 | 2025-10-12
CWE-497: HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application.
Source: NVD
CVE-2025-51736 | P3 | MEDIUM | CVSS 6.3 | v12.0.0 | 2025-11-28
CWE-434: File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0.
Source: NVD
CVE-2025-62320 | P4 | MEDIUM | CVSS 6.1 | fixed in 12.1.11 | ≥ 25.1.0, < 25.1.1.0.1 | 2026-03-17
CWE-79: HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external resources included in that HTML, which can cause unexpect
Source: NVD
CVE-2025-51734 | P4 | MEDIUM | CVSS 5.4 | v12.0.0 | 2025-11-28
CWE-79: Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
Source: NVD
CVE-2025-31969 | P4 | MEDIUM | CVSS 6.1 | ≤ 25.1.0 | 2025-10-12
CWE-358: HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP). These can result in malicious resources getting loaded and browsers may come across certain types of attacks, such as cross-site scripting and clickjacking.
Source: NVD
CVE-2024-42210 | P4 | MEDIUM | CVSS 5.4 | fixed in 12.1.9 | 2026-03-19
CWE-79: A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.
Source: NVD
CVE-2023-37501 | P4 | MEDIUM | CVSS 6.1 | fixed in 12.1.1 | 2023-08-03
CWE-79: A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user's session and perform other attacks.
Source: NVD
CVE-2025-51733 | P4 | MEDIUM | CVSS 5.5 | v12.0.0 | 2025-11-28
CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
Source: NVD
CVE-2025-52615 | P4 | MEDIUM | CVSS 5.3 | ≤ 25.1.0 | 2025-10-12
CWE-693: HCL Unica Platform is impacted by misconfigured security related HTTP headers. This can lead to less secure browser default treatment for the policies controlled by these headers.
Source: NVD
CVE-2023-37499 | P4 | MEDIUM | CVSS 6.1 | fixed in 12.1.1 | 2023-08-03
CWE-79: A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks.
Source: NVD
CVE-2023-37500 | P4 | MEDIUM | CVSS 6.1 | fixed in 12.1.1 | 2023-08-03
CWE-79: A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user's session and perform other attacks.
Source: NVD
CVE-2025-52614 | P4 | MEDIUM | CVSS 4.3 | ≤ 25.1.0 | 2025-10-12
CWE-614: HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious agent may be able to induce this event by feeding a user suitable links, either directly or via another web site.
Source: NVD