CVE-2025-31992
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-12

Last updated on: 2025-10-14

Assigner: HCL Software

Description
HCL Unica MaxAI Assistant is susceptible to a HTML injection vulnerability. An attacker could insert special characters that are processed client-side in the context of the user's session.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-12
Last Modified
2025-10-14
Generated
2026-06-16
AI Q&A
2025-10-12
EPSS Evaluated
2026-06-15
NVD
CVE-2025-31992
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hcl maxai_assistant 3.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-80 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-31992 is an HTML injection vulnerability in HCL MaxAI Assistant. It allows an attacker to inject malicious HTML code into the application due to insufficient input validation or sanitization. This malicious code can be processed client-side within the user's session, potentially leading to unauthorized actions such as content manipulation or script execution in the customer support component of the MaxAI Assistant. [1]

Impact Analysis

Exploiting this vulnerability could compromise the integrity and security of the HCL MaxAI Assistant application. An attacker could manipulate content or execute scripts within the affected interface, potentially leading to unauthorized actions that affect end-users interacting with the customer support features. [1]

Mitigation Strategies

To mitigate this vulnerability, ensure proper input validation and sanitization in the customer support component of the HCL MaxAI Assistant to prevent HTML injection. Review and update the application to handle user-supplied data safely, and apply any patches or updates provided by HCL addressing this issue. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-31992. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart