anonhaven
Ad

CVE-2024-42210

HIGH CVSS 3.1: 5.4 EPSS 0.03%
Updated Mar 23, 2026
Hcltech
Parameter Value
CVSS 5.4 (HIGH)
Affected Versions before 12.1.9
Fixed In 12.1.9
Type CWE-79 (Cross-Site Scripting (XSS))
Vendor Hcltech
Public PoC No

A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower.  Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Hcltech Unica
cpe:2.3:a:hcltech:unica:*:*:*:*:*:*:*:*
 12.1.9

References 2

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123760
psirt@hcl.com
https://github.com/MarioTesoro/vulnerability-research/blob/main/CVE-2024-42210/…
af854a3a-2127-422b-91ae-364da2661108
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-21767

Hcltech

3.3

CVE-2026-21765

Hcltech

7.8

CVE-2025-55264

Hcltech

5.5

CVE-2025-55263

Hcltech

7.5

CVE-2025-55262

Hcltech

7.5