VYPR

Unica Plan

by HCLTech

CVEs (9)

  • CVE-2025-62319CriMar 16, 2026
    risk 0.64cvss 9.8epss 0.00

    Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently…

  • CVE-2026-22514HigMar 25, 2026
    risk 0.53cvss 8.1epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Unica unica allows PHP Local File Inclusion.This issue affects Unica: from n/a through <= 1.4.1.

  • CVE-2025-62320MedMar 17, 2026
    risk 0.31cvss 4.7epss 0.00

    HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically…

  • CVE-2025-51734Nov 28, 2025
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0.

  • CVE-2025-51733Nov 28, 2025
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0.

  • CVE-2025-51736Nov 28, 2025
    risk 0.00cvss epss 0.00

    File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0.

  • CVE-2025-51735Nov 28, 2025
    risk 0.00cvss epss 0.00

    CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.

  • CVE-2025-52616Oct 12, 2025
    risk 0.00cvss epss 0.00

    HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application.

  • CVE-2023-37497Aug 3, 2023
    risk 0.00cvss epss 0.00

    The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.