CVE-2025-31992
BaseFortify
Publication date: 2025-10-12
Last updated on: 2025-10-14
Assigner: HCL Software
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcl | maxai_assistant | 3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-80 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-31992 is an HTML injection vulnerability in HCL MaxAI Assistant. It allows an attacker to inject malicious HTML code into the application due to insufficient input validation or sanitization. This malicious code can be processed client-side within the user's session, potentially leading to unauthorized actions such as content manipulation or script execution in the customer support component of the MaxAI Assistant. [1]
How can this vulnerability impact me? :
Exploiting this vulnerability could compromise the integrity and security of the HCL MaxAI Assistant application. An attacker could manipulate content or execute scripts within the affected interface, potentially leading to unauthorized actions that affect end-users interacting with the customer support features. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure proper input validation and sanitization in the customer support component of the HCL MaxAI Assistant to prevent HTML injection. Review and update the application to handle user-supplied data safely, and apply any patches or updates provided by HCL addressing this issue. [1]