HTML Injection Vulnerability in HCL Unica MaxAI Assistant
CVE-2025-31992

4.6 MEDIUM

Key Information:

Vendor
CVE Published: 12 October 2025

What is CVE-2025-31992?

HCL Unica MaxAI Assistant is vulnerable to HTML injection. An attacker can insert malicious HTML into the application, which is then executed on the client side in the victim's browser. Such an attack puts users' session data at risk, potentially allowing unauthorized actions or data exposure within the context of their interactions. The issue underlines the importance of secure coding practices and regular security assessments.

Affected Version(s)

MaxAI Assistant 12.1.10 - 25.1

CVSS V3.1

Score: 4.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
