Unica Campaign
by HCLTech
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-62320 | Med | 0.31 | 4.7 | 0.00 | Mar 17, 2026 | HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically… | ||
| CVE-2025-31994 | Med | 0.28 | 4.3 | 0.00 | Oct 13, 2025 | HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated… | ||
| CVE-2023-37501 | 0.00 | — | 0.00 | Aug 3, 2023 | A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user's session and perform other attacks. | |||
| CVE-2019-4090 | 0.00 | — | 0.01 | Jul 17, 2020 | "HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field." |
- risk 0.31cvss 4.7epss 0.00
HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically…
- risk 0.28cvss 4.3epss 0.00
HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated…
- CVE-2023-37501Aug 3, 2023risk 0.00cvss —epss 0.00
A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user's session and perform other attacks.
- CVE-2019-4090Jul 17, 2020risk 0.00cvss —epss 0.01
"HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field."