{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-62320", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2025-10-10T09:04:19.898Z", "datePublished": "2026-03-17T12:02:08.881Z", "dateUpdated": "2026-03-17T12:56:51.604Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-03-17T12:02:08.881Z"}, "title": "HTML Injection Leading to Data Exfiltration to External Server vulnerability affects HCL Unica Platform", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')", "type": "CWE"}]}], "affected": [{"vendor": "HCL", "product": "Sametime", "versions": [{"status": "affected", "version": "version 25.1.1 and below."}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external resources included in that HTML, which can cause unexpected requests from the user\u2019s browser.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external resources included in that HTML, which can cause unexpected requests from the user\u2019s browser."}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129460"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T12:56:45.655304Z", "id": "CVE-2025-62320", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T12:56:51.604Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-62320", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-17T12:56:45.655304Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T12:56:48.535Z"}}], "cna": {"title": "HTML Injection Leading to Data Exfiltration to External Server vulnerability affects HCL Unica Platform", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL", "product": "Sametime", "versions": [{"status": "affected", "version": "version 25.1.1 and below."}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129460"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external resources included in that HTML, which can cause unexpected requests from the user\u2019s browser.", "supportingMedia": [{"type": "text/html", "value": "HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external resources included in that HTML, which can cause unexpected requests from the user\u2019s browser.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-03-17T12:02:08.881Z"}}}, "cveMetadata": {"cveId": "CVE-2025-62320", "state": "PUBLISHED", "dateUpdated": "2026-03-17T12:56:51.604Z", "dateReserved": "2025-10-10T09:04:19.898Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2026-03-17T12:02:08.881Z", "assignerShortName": "HCL"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:unica:*:*:*:*:*:*:*:*", "matchCriteriaId": "305B2D5D-64DB-40FC-9188-CCF3EA5764F1", "versionEndExcluding": "12.1.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:unica:*:*:*:*:*:*:*:*", "matchCriteriaId": "10B800BE-C835-4E99-A05F-FF5B0C8556F3", "versionEndExcluding": "25.1.1.0.1", "versionStartIncluding": "25.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:unica_audience_central:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3B128F6-5258-4CD7-9B8B-2EA82575046B", "versionEndExcluding": "12.1.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:unica_audience_central:*:*:*:*:*:*:*:*", "matchCriteriaId": "56033CC8-1562-481D-9781-68605E639D33", "versionEndExcluding": "25.1.1.0.1", "versionStartIncluding": "25.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:unica_campaign:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBD704E0-EC17-40EF-B125-A3F7B2265C87", "versionEndExcluding": "12.1.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:unica_campaign:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A943C9-F93D-4385-9FA2-D7970FDF2CF5", "versionEndExcluding": "25.1.1.0.1", "versionStartIncluding": "25.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:unica_centralised_offer_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "62BA1D1F-E3A6-4F78-98C8-C5BF4C28BB45", "versionEndExcluding": "12.1.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:unica_centralised_offer_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "122EAB2F-BB96-4954-93F9-82FB61D27A5D", "versionEndExcluding": "25.1.1.0.1", "versionStartIncluding": "25.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:unica_contact_central:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CB92F37-C4B6-403B-A150-C9BCB094CD41", "versionEndExcluding": "12.1.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:unica_contact_central:*:*:*:*:*:*:*:*", "matchCriteriaId": "A55CF519-0F7B-469D-96FE-D29DEDC35C9C", "versionEndExcluding": "25.1.1.0.1", "versionStartIncluding": "25.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:unica_interact:*:*:*:*:*:*:*:*", "matchCriteriaId": "23118E78-677A-4E04-ABAA-7A301B45FFB1", "versionEndExcluding": "12.1.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:unica_interact:*:*:*:*:*:*:*:*", "matchCriteriaId": "73B4E36F-D53D-4E3C-92DA-97151A2BCEDF", "versionEndExcluding": "25.1.1.0.1", "versionStartIncluding": "25.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:unica_journey:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7802A1C-BE9A-45BB-81EE-C1836BB6933C", "versionEndExcluding": "12.1.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:unica_journey:*:*:*:*:*:*:*:*", "matchCriteriaId": "206F9793-8910-45B1-8249-B3F04B326AB2", "versionEndExcluding": "25.1.1.0.1", "versionStartIncluding": "25.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:unica_plan:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D193791-017A-4E65-A183-4780E3DE37AE", "versionEndExcluding": "12.1.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:unica_plan:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EDC3A16-B40C-44D0-BEDB-8EBEE9671B58", "versionEndExcluding": "25.1.1.0.1", "versionStartIncluding": "25.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:unica_segment_central:*:*:*:*:*:*:*:*", "matchCriteriaId": "13A74D83-78CC-495E-AC56-90C472725477", "versionEndExcluding": "12.1.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:unica_segment_central:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C9D635D-AB51-43CF-B5C5-6E013191A637", "versionEndExcluding": "25.1.1.0.1", "versionStartIncluding": "25.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external resources included in that HTML, which can cause unexpected requests from the user\u2019s browser."}, {"lang": "es", "value": "La Inyecci\u00f3n HTML puede llevarse a cabo en el Producto cuando una aplicaci\u00f3n web no verifica o limpia adecuadamente la entrada del usuario antes de mostrarla en una p\u00e1gina web. Debido a esto, un atacante puede insertar c\u00f3digo HTML no deseado en la p\u00e1gina. Cuando el navegador carga la p\u00e1gina, puede interactuar autom\u00e1ticamente con recursos externos incluidos en ese HTML, lo que puede causar solicitudes inesperadas desde el navegador del usuario."}], "id": "CVE-2025-62320", "lastModified": "2026-05-11T14:18:40.947", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@hcl.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-17T13:16:16.503", "references": [{"source": "psirt@hcl.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129460"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "psirt@hcl.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,25.1.1]"}}], "enrichment": {"confidence": 86.0, "confidence_source": "matching", "scores": [{"score": 86.0, "source": "matching"}]}, "original": {"product": "Sametime", "source": "cna", "vendor": "HCL"}, "product": "sametime", "vendor": "hcltech"}], "analysis": {"en": {"generated_at": "2026-03-17T13:20:30.406558+00:00", "value": {"mitigation_remediation": ["Check HCL Software support portal for updates and apply any released patches as soon as possible.", "Review all user\u2011supplied input fields in the web application and enforce proper sanitization or encoding to prevent HTML injection.", "Consider deploying a Content Security Policy that restricts the domains from which the application can load external resources."], "summary": {"action": "Patch", "impact": "Data Exfiltration"}, "threat_synthesis": {"affected_systems": "Affected systems include the HCL Sametime platform referenced in the CVE description. No specific version numbers are provided in the CNA data, so the vulnerability may affect all versions that exhibit the described input\u2011validation issue until a patch is released. Organizations should review their deployment to determine whether the affected components are in use.", "description_and_impact": "The vulnerability is an HTML injection flaw caused by insufficient validation of user input in the HCL Sametime web application. An attacker can embed malicious HTML fragments that, when rendered by a victim\u2019s browser, automatically load external resources such as images or scripts. These external requests can cause the browser to leak sensitive data to an attacker\u2011controlled server, resulting in potential data exfiltration. The weakness is categorized as CWE\u201179, indicating an injection vulnerability that allows unintended content to be rendered on a web page.", "risk_and_exploitability": "The CVSS score of 4.7 places the vulnerability in the moderate range, and the lack of an EPSS score and absence from the KEV catalog suggest it is not a widely known or exploited issue at present. Exploitation requires a victim to load a page containing the injected HTML, implying a client\u2011side attack vector that can be performed by a user visiting a compromised site or by social engineering. Therefore, the risk is moderate, primarily limited to users who interact with the vulnerable web pages."}}}}, "created": "2026-03-18T12:13:24.942180+00:00", "updated": "2026-03-24T10:49:19.957953+00:00", "vendors": ["hcltech", "hcltech$PRODUCT$sametime"]}