exploitDog

CVE-2025-52624

Published: 10 Oct 2025
Source: nvd
CVSS3: 5.4
CVSS3: 6.1
EPSS: Low

Description

A vulnerability: bypass of the script allowlist configuration in HCL AION.

An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks. This issue affects AION: 2.0.

Vulnerable configurations

Configuration 1
cpe:2.3:a:hcltech:aion:2.0:*:*:*:*:*:*:*

EPSS

Percentile: 12%
0.0004
Low

CVSS3: 5.4 Medium

CVSS3: 6.1 Medium

Weaknesses

CWE-1032
CWE-79

Related vulnerabilities

CVSS3: 5.4
github
4 months ago

A vulnerability: bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks. This issue affects AION: 2.0.
