CVE-2024-42210
CVE-2024-42210
7.6
HighPublished:
Last updated:
Source:psirt@hcl.com
Modified
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- High
- Privileges Required
- High
- User Interaction
- Required
- Scope
- Changed
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.
References
af854a3a-2127-422b-91ae-364da2661108
https://github.com/MarioTesoro/vulnerability-research/blob/main/CVE-2024-42210/README.md