CVE-2024-42210

HIGH

HCL Unica Marketing Operations v12.1.8 and lower is affected by a Stored cross-site scripting (XSS) vulnerability

Title source: cna

Description

A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

Exploits (1)

github WRITEUP 1 stars

by MarioTesoro · poc

https://github.com/MarioTesoro/vulnerability-research/tree/main/CVE-2024-42210

View Code ZIP pw:eip

References (2)

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123760

[Exploit, Third Party Advisory] https://github.com/MarioTesoro/vulnerability-research/blob/main/CVE-2024-42210/README.md

Scores

CVSS v3 7.6

EPSS 0.0003

EPSS Percentile 10.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Details

CWE

CWE-79

Status published

Products (2)

HCLSoftware/Unica Marketing Operations (Plan) <= 12.1.8

hcltech/unica < 12.1.9

Published Mar 19, 2026

Tracked Since Mar 19, 2026