CVE-2025-55273

MEDIUM

4.3

Descricao

HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker using external scripts can tamper with the DOM, altering the content or behavior of the application. Malicious scripts can steal cookies or session tokens, leading to session hijacking.

Detalhes CVE

Pontuacao CVSS v3.14.3

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioREQUIRED

Publicado3/26/2026

Ultima modificacao3/26/2026

Fontenvd

Avistamentos honeypot0

Produtos afetados

hcltech:aftermarket_cloud

Fraquezas (CWE)

CWE-829

Referencias

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793(psirt@hcl.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.