Medium severity5.3NVD Advisory· Published May 6, 2026· Updated May 7, 2026
CVE-2025-31970
CVE-2025-31970
Description
HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS)
Affected products
2cpe:2.3:a:hcltech:dfxanalytics:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:hcltech:dfxanalytics:*:*:*:*:*:*:*:*range: <4.1
- (no CPE)
Patches
Vulnerability mechanics
References
1- support.hcl-software.com/csmnvdVendor Advisory
News mentions
0No linked articles in our index yet.