CVE-2025-62320
HTML Injection Leading to Data Exfiltration to External Server vulnerability affects HCL Unica Platform
CVSS Score
4.7
EPSS Score
0.0%
EPSS Percentile
0th
HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external resources included in that HTML, which can cause unexpected requests from the userβs browser.
| CWE | CWE-79 |
| Vendor | hcl |
| Product | sametime |
| Published | Mar 17, 2026 |
| Last Updated | Mar 17, 2026 |
Stay Ahead of the Next One
Get instant alerts for hcl sametime
Be the first to know when new medium vulnerabilities affecting hcl sametime are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None
Affected Versions
HCL / Sametime
version 25.1.1 and below.