CVE-2025-62320

medium
Published 2026-03-17 · Modified 2026-05-11
CVSS v3
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v2
VIR risk
6.1

Description

HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external resources included in that HTML, which can cause unexpected requests from the user’s browser.

Predictions

Exploit likelihood
71%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@hcl.com — https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129460

Application impact

Vendor | Product | Versions | Fixed
hcltech | unica | {"endExcluding":"12.1.11"} | 12.1.11
hcltech | unica_audience_central | {"endExcluding":"12.1.11"} | 12.1.11
hcltech | unica_campaign | {"endExcluding":"12.1.11"} | 12.1.11
hcltech | unica_centralised_offer_management | {"endExcluding":"12.1.11"} | 12.1.11
hcltech | unica_contact_central | {"endExcluding":"12.1.11"} | 12.1.11
hcltech | unica_interact | {"endExcluding":"12.1.11"} | 12.1.11
hcltech | unica_journey | {"endExcluding":"12.1.11"} | 12.1.11
hcltech | unica_plan | {"endExcluding":"12.1.11"} | 12.1.11
hcltech | unica_segment_central | {"endExcluding":"12.1.11"} | 12.1.11

References

CWEs

CWE-79
