PT-2026-5905 · Hcl+1 · Aion
Published
2026-02-03
·
Updated
2026-04-27
·
CVE-2025-52629
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
HCL AION version 2.0
Description
HCL AION is affected by a missing Content-Security-Policy (CSP) header. The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute.
Recommendations
Ensure a Content-Security-Policy header is implemented to mitigate the risk of cross-site scripting and content injection attacks.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aion