VYPR

Unica Campaign

by HCLTech

CVEs (4)

  • CVE-2025-62320MedMar 17, 2026
    risk 0.31cvss 4.7epss 0.00

    HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically…

  • CVE-2025-31994MedOct 13, 2025
    risk 0.28cvss 4.3epss 0.00

    HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated…

  • CVE-2023-37501Aug 3, 2023
    risk 0.00cvss epss 0.00

    A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign.  An attacker could hijack a user's session and perform other attacks.

  • CVE-2019-4090Jul 17, 2020
    risk 0.00cvss epss 0.01

    "HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field."