CVE-2024-42210

HIGH

HCL Unica Marketing Operations v12.1.8 and lower is affected by a Stored cross-site scripting (XSS) vulnerability

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-42210. PoCs published by MarioTesoro.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2024-42210, a stored XSS vulnerability in HCL Unica Marketing Operations v12.1.8 and lower. It includes a proof-of-concept payload and steps to reproduce the vulnerability, along with impact and mitigation details.

Description

A stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

Exploits (1)

GitHub · WRITEUP · 1 star
by MarioTesoro · poc
https://github.com/MarioTesoro/vulnerability-research/tree/main/CVE-2024-42210


Classification: Writeup 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: HCL Unica Marketing Operations ≤ 12.1.8
Auth required
Prerequisites: Authenticated access to HCL Unica Marketing Operations · High privileges
devstral-2 · analyzed Mar 21, 2026

Scores

CVSS v3 7.6
EPSS 0.0017
EPSS Percentile 6.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-79
Status published
Products (2)
HCLSoftware/Unica Marketing Operations (Plan) <= 12.1.8
hcltech/unica < 12.1.9
Published Mar 19, 2026
Tracked Since Mar 19, 2026