Skip to main content

Unica

10 CVEs product

Monthly

CVE-2025-62319 CRITICAL Act Now

A Boolean-based SQL injection vulnerability exists in HCL Unica that allows remote attackers to manipulate backend database queries through specially crafted input fields. The vulnerability affects HCL Unica version 25.1.1 and below, enabling unauthenticated attackers to extract sensitive data, modify database contents, or potentially compromise the entire system. With a critical CVSS score of 9.8 and network-based attack vector requiring no authentication, this represents a severe risk to organizations using affected Unica installations.

SQLi Unica
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-51736 MEDIUM This Month

File upload vulnerability in HCL Technologies Ltd. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Unica
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-51735 HIGH This Week

CSV formula injection vulnerability in HCL Technologies Ltd. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Unica
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-51734 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Unica
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-51733 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Unica
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-37501 MEDIUM This Month

A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Unica
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-37500 MEDIUM This Month

A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Unica
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-37499 MEDIUM This Month

A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Unica
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-37498 HIGH This Week

A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Unica
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-37497 HIGH This Week

The Unica application exposes an API which accepts arbitrary XML input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Unica
NVD
CVSS 3.1
8.8
EPSS
0.4%
EPSS 0% CVSS 9.8
CRITICAL Act Now

A Boolean-based SQL injection vulnerability exists in HCL Unica that allows remote attackers to manipulate backend database queries through specially crafted input fields. The vulnerability affects HCL Unica version 25.1.1 and below, enabling unauthenticated attackers to extract sensitive data, modify database contents, or potentially compromise the entire system. With a critical CVSS score of 9.8 and network-based attack vector requiring no authentication, this represents a severe risk to organizations using affected Unica installations.

SQLi Unica
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

File upload vulnerability in HCL Technologies Ltd. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Unica
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

CSV formula injection vulnerability in HCL Technologies Ltd. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Unica
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Unica
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Unica
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Unica
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Unica
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Unica
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Unica
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Unica application exposes an API which accepts arbitrary XML input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Unica
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy