Every CVE whose affected-product data names Hcltech Unica, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2025-62319 — CVSS 9.8 (critical): Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions…
CVE-2023-37497 — CVSS 8.1 (high): The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with…
CVE-2023-37498 — CVSS 8.1 (high): A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an…
CVE-2023-37499 — CVSS 8.1 (high): A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack…
CVE-2023-37500 — CVSS 8.1 (high): A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a…
CVE-2023-37501 — CVSS 8.1 (high): A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user's session and…
CVE-2021-27777 — CVSS 7.5 (high): XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient…
CVE-2025-31996 — CVSS 5.3 (medium): HCL Unica Platform is affected by unprotected files due to improper access controls. These files may contain sensitive information such as…
CVE-2025-52616 — CVSS 5.3 (medium): HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging…
CVE-2025-62320 — CVSS 4.7 (medium): HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a…
CVE-2025-31969 — CVSS 4.0 (medium): HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP). These can result in malicious resources getting loaded and…
CVE-2025-52615 — CVSS 3.5 (low): HCL Unica Platform is impacted by misconfigured security related HTTP headers. This can lead to less secure browser default treatment for…
CVE-2025-52614 — CVSS 3.5 (low): HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious agent may be able to induce this event by…