CVE-2025-55273
Cross Domain Script Include Vulnerability in HCL Aftermarket DPC

Publication date: 2026-03-26

Last updated on: 2026-03-26

Assigner: HCL Software

Description
HCL Aftermarket DPC is affected by a Cross Domain Script Include vulnerability where an attacker using external scripts can tamper with the DOM, altering the content or behavior of the application. Malicious scripts can steal cookies or session tokens, leading to session hijacking.
Meta Information
Published: 2026-03-26
Last Modified: 2026-03-26
Generated: 2026-06-16
AI Q&A: 2026-03-26
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor: hcltech
Product: aftermarket_cloud
Version / Range: 1.0.0
CWE
CWE ID: CWE-829
Description: The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
Compliance Impact

The vulnerability allows attackers to tamper with the DOM using external scripts, potentially stealing cookies or session tokens which can lead to session hijacking.

Such unauthorized access and data theft could impact compliance with standards like GDPR and HIPAA, which require protection of user data and secure session management to prevent unauthorized access.

Executive Summary

The vulnerability in HCL Aftermarket DPC is a Cross Domain Script Include issue where an attacker can use external scripts to tamper with the Document Object Model (DOM) of the application.

This tampering can alter the content or behavior of the application, allowing malicious scripts to steal cookies or session tokens.

Such theft can lead to session hijacking, where an attacker gains unauthorized access to a user's session.

Impact Analysis

This vulnerability allows attackers to hijack user sessions through stolen cookies or session tokens.

Session hijacking can lead to unauthorized access to user accounts or sensitive information within the application.

The overall impact is limited to integrity loss, as indicated by the CVSS score, with no direct confidentiality or availability impact.
