HTML Injection Vulnerability in HCL DevOps Deploy by HCL Software
CVE-2025-0272
7.6HIGH
Key Information:
- Vendor
- HCL Software Software
- Status
- HCL Software Devops Deploy / HCL Software Launch
- Vendor
- CVE Published:
- 3 April 2025
Summary
HCL DevOps Deploy and HCL Launch contain a vulnerability that allows for HTML injection via the Web UI. This weakness enables attackers to embed arbitrary HTML tags, which could lead to unauthorized disclosure of sensitive information. Users should be aware of this risk and take appropriate measures to secure their systems.
Affected Version(s)
HCL DevOps Deploy / HCL Launch 7.0 - 7.0.5.26; 7.1 - 7.1.2.21; 7.2 - 7.2.3.14; 7.3 - 7.3.2.9; 8.0 - 8.0.1.4; 8.1 - 8.1.0.0
References
CVSS V3.1
Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved