Low severity3.1NVD Advisory· Published May 6, 2026· Updated May 7, 2026
CVE-2025-59854
CVE-2025-59854
Description
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a robust Content Security Policy (CSP).
Affected products
2cpe:2.3:a:hcltech:dfxanalytics:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:hcltech:dfxanalytics:*:*:*:*:*:*:*:*range: <4.1
- (no CPE)
Patches
Vulnerability mechanics
References
1- support.hcl-software.com/csmnvdVendor Advisory
News mentions
0No linked articles in our index yet.