CVE-2025-31994

Name of the Vulnerable Software and Affected Versions HCL Unica Campaign version 12.1.10

Description The software is susceptible to Reflected Cross-Site Scripting (XSS). An attacker can inject malicious script into an HTTP request. This script is then reflected unsafely in the server's response to the victim's browser, causing the script to execute as if it originated from the trusted website. The attack vector involves manipulating HTTP requests to include malicious code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.