CVE-2025-31994

MEDIUM

HCL Unica Campaign 12.1.10 - Reflected Cross-Site Scripting

Title source: llm
STIX 2.1

Description

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted website.

References (1)

Core 1

Scores

CVSS v3 4.3
EPSS 0.0017
EPSS Percentile 6.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
HCL Software/Unica Campaign <= 12.1.10
Published Oct 13, 2025
Tracked Since Feb 18, 2026