CVE-2025-0272

HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*
cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*
cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*
cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*
cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*
cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*

History

10 Apr 2025, 13:27

Type Values Removed Values Added
References () https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120137 - () https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120137 - Vendor Advisory
CPE cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*
cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*
CWE CWE-79
First Time Hcltechsw hcl Launch
Hcltechsw
Hcltechsw hcl Devops Deploy

07 Apr 2025, 14:18

Type Values Removed Values Added
Summary
  • (es) HCL DevOps Deploy/HCL Launch es vulnerable a la inyección de HTML. Esta vulnerabilidad podría permitir que un usuario incruste etiquetas HTML arbitrarias en la interfaz web, lo que podría provocar la divulgación de información confidencial.

03 Apr 2025, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-04-03 15:15

Updated : 2025-04-10 13:27


NVD link : CVE-2025-0272

Mitre link : CVE-2025-0272

CVE.ORG link : CVE-2025-0272


JSON object : View

Products Affected

hcltechsw

  • hcl_devops_deploy
  • hcl_launch
CWE
CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')