CVE-2025-0272

Published: Apr 3, 2025Modified: Apr 10, 2025

7.6

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Exploitability: 2.3 / Impact: 4.7

Source: NVD

Description

HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

Affected (6)

Products: Hcltechsw: Hcl Devops Deploy, Hcl Launch

Hcltechsw

2 products

Hcl Devops Deploy

Hcl Launch

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Hcltechsw Hcl Devops Deploy	From 8.0.0.0 to 8.0.1.5
Hcltechsw Hcl Devops Deploy	From 8.1.0 to 8.1.0.1
Hcltechsw Hcl Launch	From 7.0.0.0 to 7.0.5.26
Hcltechsw Hcl Launch	From 7.1.0.0 to 7.1.2.22
Hcltechsw Hcl Launch	From 7.2.0.0 to 7.2.3.15
Hcltechsw Hcl Launch	From 7.3.0.0 to 7.3.2.9

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

References (1)

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120137

Source: psirt@hcl.com

Vendor Advisory

Timeline

No history available yet.