CVE Catalog

CVE-2025-63401

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

24th percentile - higher than 24% of all known CVEs

Summary

A Cross Site Scripting (XSS) vulnerability was found in HCLTech DRAGON prior to version 7.6.0. Missing security directives allow a remote attacker to execute arbitrary code in the victim's browser context.

Risk Assessment

The risk includes potential session hijacking, data theft, or malware distribution within the organization through injected malicious scripts.

Recommendation

Immediately upgrade HCLTech DRAGON to version 7.6.0 or later, which includes fixes for this vulnerability.

Original NVD description (English source)

Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives

Vulnerability data from NVD (NIST) · CISA KEV · EPSS