Unica Plan
by HCLTech
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-62319 | | Cri | 0.64 | 9.8 | 0.00 | | Mar 16, 2026 | Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently… |
| CVE-2026-22514 | | Hig | 0.53 | 8.1 | 0.01 | | Mar 25, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Unica unica allows PHP Local File Inclusion. This issue affects Unica: from n/a through <= 1.4.1. |
| CVE-2025-62320 | | Med | 0.31 | 4.7 | 0.00 | | Mar 17, 2026 | HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically… |
| CVE-2025-51734 | | | 0.00 | — | 0.00 | | Nov 28, 2025 | Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0. |
| CVE-2025-51733 | | | 0.00 | — | 0.00 | | Nov 28, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0. |
| CVE-2025-51736 | | | 0.00 | — | 0.00 | | Nov 28, 2025 | File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0. |
| CVE-2025-51735 | | | 0.00 | — | 0.00 | | Nov 28, 2025 | CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0. |
| CVE-2025-52616 | | | 0.00 | — | 0.00 | | Oct 12, 2025 | HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application. |
| CVE-2023-37497 | | | 0.00 | — | 0.00 | | Aug 3, 2023 | The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service. |