CVE-2024-42210 HIGH

CVE-2024-42210: HCL Unica Marketing Operations v12.1.8 and lower is affected by a Stored cross-site scripting (XSS) vulnerability

Vendor Hclsoftware
Product Unica Marketing Operations (Plan)
Weakness CWE-79 · XSS
Published March 19, 2026
Last update March 23, 2026

CVSS base score

7.6/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower.  Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

Key dates

02Disclosure timeline

March 19, 2026 CVE published
March 23, 2026 Record updated