HTML Injection Vulnerability in HCL DevOps Deploy by HCL Software
CVE-2025-0272

5.4MEDIUM

Key Information:

Vendor
HCL Software Software
Status
HCL Software Devops Deploy / HCL Software Launch
Vendor
CVE Published:
3 April 2025

Summary

HCL DevOps Deploy and HCL Launch contain a vulnerability that allows for HTML injection via the Web UI. This weakness enables attackers to embed arbitrary HTML tags, which could lead to unauthorized disclosure of sensitive information. Users should be aware of this risk and take appropriate measures to secure their systems.

Affected Version(s)

HCL DevOps Deploy / HCL Launch 7.0 - 7.0.5.26; 7.1 - 7.1.2.21; 7.2 - 7.2.3.14; 7.3 - 7.3.2.9; 8.0 - 8.0.1.4; 8.1 - 8.1.0.0

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.