CVE-2025-52654 MEDIUM

CVE-2025-52654: HCL MyXalytics is affected by an HTML Injection

Vendor Hcl Software
Product HCL MyXalytics
Weakness CWE-80 · XSS · basic
Published October 3, 2025
Last update October 10, 2025

CVSS base score

4.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

HCL MyXalytics v6.6 is affected by an HTML Injection. This issue occurs when untrusted input is included in the output without proper handling, potentially allowing unauthorized content injection and manipulation.

Key dates

02Disclosure timeline

October 3, 2025 CVE published
October 10, 2025 Record updated