CVE-2025-55273
Cross Domain Script Include Vulnerability in HCL Aftermarket DPC
Publication date: 2026-03-26
Last updated on: 2026-03-26
Assigner: HCL Software
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | aftermarket_cloud | 1.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-829 | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows attackers to tamper with the DOM using external scripts, potentially stealing cookies or session tokens which can lead to session hijacking.
Such unauthorized access and data theft could impact compliance with standards like GDPR and HIPAA, which require protection of user data and secure session management to prevent unauthorized access.
Can you explain this vulnerability to me?
The vulnerability in HCL Aftermarket DPC is a Cross Domain Script Include issue where an attacker can use external scripts to tamper with the Document Object Model (DOM) of the application.
This tampering can alter the content or behavior of the application, allowing malicious scripts to steal cookies or session tokens.
Such theft can lead to session hijacking, where an attacker gains unauthorized access to a user's session.
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to hijack user sessions through stolen cookies or session tokens.
Session hijacking can lead to unauthorized access to user accounts or sensitive information within the application.
The overall impact is limited to integrity loss, as indicated by the CVSS score, with no direct confidentiality or availability impact.