TROYANOSYVIRUS
Retour aux CVEs

CVE-2024-42210

HIGH
7.6

Description

A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower.  Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

Details CVE

Score CVSS v3.17.6
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteHIGH
Privileges requisHIGH
Interaction utilisateurREQUIRED
Publie3/19/2026
Derniere modification3/23/2026
Sourcenvd
Observations honeypot0

Produits affectes

hcltech:unica

Faiblesses (CWE)

CWE-79

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123760(psirt@hcl.com)
https://github.com/MarioTesoro/vulnerability-research/blob/main/CVE-2024-42210/README.md(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.