CVE Catalog
CVE-2025-63401
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk0.32%
24th percentile - higher than 24% of all known CVEs
Summary
A Cross Site Scripting (XSS) vulnerability was found in HCLTech DRAGON prior to version 7.6.0. Missing security directives allow a remote attacker to execute arbitrary code in the victim's browser context.
Risk Assessment
The risk includes potential session hijacking, data theft, or malware distribution within the organization through injected malicious scripts.
Recommendation
Immediately upgrade HCLTech DRAGON to version 7.6.0 or later, which includes fixes for this vulnerability.
Original NVD description (English source)
Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives

