Cross Domain Script Include Vulnerability in HCL Aftermarket DPC
CVE-2025-55273

4.3MEDIUM

Key Information:

Vendor: HCL Software
Status: Aftermarket Dpc
Vendor: CVE Published:; 26 March 2026

🔔 Create HCL Software Vulnerability Alert

What is CVE-2025-55273?

HCL Aftermarket DPC is susceptible to a Cross Domain Script Include vulnerability that allows an attacker to leverage external scripts to manipulate the Document Object Model (DOM). This exploitation enables the alteration of application content or behavior, potentially compromising sensitive user information such as cookies and session tokens, which can lead to unauthorized session hijacking.

Affected Version(s)

Aftermarket DPC version 1.0.0

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2026
Vulnerability Reserved
Aug 12, 2025

CVE-2025-55273 Data

JSON