CVE-2025-55273
Received Received - Intake

Cross Domain Script Include Vulnerability in HCL Aftermarket DPC

Vulnerability report for CVE-2025-55273, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-26

Last updated on: 2026-03-26

Assigner: HCL Software

Description

HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker using external scripts can tamper with the DOM, altering the content or behavior of the application. Malicious scripts can steal cookies or session tokens, leading to session hijacking.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-26
Last Modified
2026-03-26
Generated
2026-07-07
AI Q&A
2026-03-26
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
hcltech aftermarket_cloud 1.0.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-829 The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability allows attackers to tamper with the DOM using external scripts, potentially stealing cookies or session tokens which can lead to session hijacking.

Such unauthorized access and data theft could impact compliance with standards like GDPR and HIPAA, which require protection of user data and secure session management to prevent unauthorized access.

Executive Summary

The vulnerability in HCL Aftermarket DPC is a Cross Domain Script Include issue where an attacker can use external scripts to tamper with the Document Object Model (DOM) of the application.

This tampering can alter the content or behavior of the application, allowing malicious scripts to steal cookies or session tokens.

Such theft can lead to session hijacking, where an attacker gains unauthorized access to a user's session.

Impact Analysis

This vulnerability can impact you by allowing attackers to hijack user sessions through stolen cookies or session tokens.

Session hijacking can lead to unauthorized access to user accounts or sensitive information within the application.

The overall impact is limited to integrity loss, as indicated by the CVSS score, with no direct confidentiality or availability impact.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55273. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart