Medium severity4.7NVD Advisory· Published Mar 17, 2026· Updated May 11, 2026

CVE-2025-62320

Description

HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external resources included in that HTML, which can cause unexpected requests from the user’s browser.

Affected products

HCL/Sametimev5
Range: version 25.1.1 and below.
HCLTech/Unica
cpe:2.3:a:hcltech:unica:*:*:*:*:*:*:*:*
Range: <12.1.11
HCLTech/Unica Audience Central
cpe:2.3:a:hcltech:unica_audience_central:*:*:*:*:*:*:*:*
Range: <12.1.11
HCLTech/Unica Campaign
cpe:2.3:a:hcltech:unica_campaign:*:*:*:*:*:*:*:*
Range: <12.1.11
HCLTech/Unica Centralised Offer Management
cpe:2.3:a:hcltech:unica_centralised_offer_management:*:*:*:*:*:*:*:*
Range: <12.1.11
HCLTech/Unica Contact Central
cpe:2.3:a:hcltech:unica_contact_central:*:*:*:*:*:*:*:*
Range: <12.1.11
HCLTech/Unica Interact
cpe:2.3:a:hcltech:unica_interact:*:*:*:*:*:*:*:*
Range: <12.1.11
HCLTech/Unica Journey
cpe:2.3:a:hcltech:unica_journey:*:*:*:*:*:*:*:*
Range: <12.1.11
HCLTech/Unica Plan
cpe:2.3:a:hcltech:unica_plan:*:*:*:*:*:*:*:*
Range: <12.1.11
HCLTech/Unica Segment Central
cpe:2.3:a:hcltech:unica_segment_central:*:*:*:*:*:*:*:*
Range: <12.1.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.hcl-software.com/csmnvdPatchVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.306
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000