CVE-2025-31994 — MEDIUM (4.3)

Vulnerability Description

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted website.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Related Weaknesses (CWE)

CWE-79

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124472

FAQ

What is CVE-2025-31994?

CVE-2025-31994 is a vulnerability with a CVSS score of 4.3 (MEDIUM). HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immed...

How severe is CVE-2025-31994?

CVE-2025-31994 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-31994?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.