{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-52654", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2025-06-18T14:03:06.891Z", "datePublished": "2025-10-03T18:11:20.450Z", "dateUpdated": "2025-10-10T13:40:06.170Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HCL MyXalytics", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "6.6"}]}], "datePublic": "2025-10-03T15:17:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">HCL MyXalytics v6.6 is affected by an HTML Injection. This issue occurs when untrusted input is included in the output without proper handling, potentially allowing unauthorized content injection and manipulation.</span><br>"}], "value": "HCL MyXalytics v6.6 is affected by an HTML Injection. This issue occurs when untrusted input is included in the output without proper handling, potentially allowing unauthorized content injection and manipulation."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "description": "CWE-80", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2025-10-10T13:40:06.170Z"}, "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124411"}], "source": {"discovery": "INTERNAL"}, "title": "HCL MyXalytics is affected by an HTML Injection", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-03T18:53:45.456428Z", "id": "CVE-2025-52654", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-03T18:54:14.802Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52654", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-03T18:53:45.456428Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-03T18:54:00.846Z"}}], "cna": {"title": "HCL MyXalytics is affected by an HTML Injection", "source": {"discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL Software", "product": "HCL MyXalytics", "versions": [{"status": "affected", "version": "6.6"}], "defaultStatus": "unaffected"}], "datePublic": "2025-10-03T15:17:00.000Z", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124411"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "HCL MyXalytics v6.6 is affected by an HTML Injection. This issue occurs when untrusted input is included in the output without proper handling, potentially allowing unauthorized content injection and manipulation.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">HCL MyXalytics v6.6 is affected by an HTML Injection. This issue occurs when untrusted input is included in the output without proper handling, potentially allowing unauthorized content injection and manipulation.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-80", "description": "CWE-80"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2025-10-10T13:40:06.170Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52654", "state": "PUBLISHED", "dateUpdated": "2025-10-10T13:40:06.170Z", "dateReserved": "2025-06-18T14:03:06.891Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2025-10-03T18:11:20.450Z", "assignerShortName": "HCL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "63206848-DCF7-4835-A58C-5F3E7F455E5C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL MyXalytics v6.6 is affected by an HTML Injection. This issue occurs when untrusted input is included in the output without proper handling, potentially allowing unauthorized content injection and manipulation."}], "id": "CVE-2025-52654", "lastModified": "2025-10-10T14:15:42.840", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 2.5, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2025-10-03T19:15:46.487", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124411"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-80"}], "source": "psirt@hcl.com", "type": "Secondary"}]}

{}

{"created": "2025-10-06T14:42:16.019546+00:00", "updated": "2025-10-06T14:42:16.019607+00:00", "vendors": ["hcltech", "hcltech$PRODUCT$dryice_myxalytics"]}