HTML Injection Vulnerability in HCL DevOps Deploy by HCL Software
CVE-2025-0272
5.4MEDIUM
Key Information:
- Vendor
- HCL Software Software
- Status
- HCL Software Devops Deploy / HCL Software Launch
- Vendor
- CVE Published:
- 3 April 2025
Summary
HCL DevOps Deploy and HCL Launch contain a vulnerability that allows for HTML injection via the Web UI. This weakness enables attackers to embed arbitrary HTML tags, which could lead to unauthorized disclosure of sensitive information. Users should be aware of this risk and take appropriate measures to secure their systems.
Affected Version(s)
HCL DevOps Deploy / HCL Launch 7.0 - 7.0.5.26; 7.1 - 7.1.2.21; 7.2 - 7.2.3.14; 7.3 - 7.3.2.9; 8.0 - 8.0.1.4; 8.1 - 8.1.0.0
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved