Vulnerability Description
HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external resources included in that HTML, which can cause unexpected requests from the user’s browser.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hcltech | Unica | < 12.1.11 |
| Hcltech | Unica Audience Central | < 12.1.11 |
| Hcltech | Unica Campaign | < 12.1.11 |
| Hcltech | Unica Centralised Offer Management | < 12.1.11 |
| Hcltech | Unica Contact Central | < 12.1.11 |
| Hcltech | Unica Interact | < 12.1.11 |
| Hcltech | Unica Journey | < 12.1.11 |
| Hcltech | Unica Plan | < 12.1.11 |
| Hcltech | Unica Segment Central | < 12.1.11 |
Related Weaknesses (CWE)
References
- https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129460PatchVendor Advisory
FAQ
What is CVE-2025-62320?
CVE-2025-62320 is a vulnerability with a CVSS score of 4.7 (MEDIUM). HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML co...
How severe is CVE-2025-62320?
CVE-2025-62320 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-62320?
Check the references section above for vendor advisories and patch information. Affected products include: Hcltech Unica, Hcltech Unica Audience Central, Hcltech Unica Campaign, Hcltech Unica Centralised Offer Management, Hcltech Unica Contact Central.