CVE-2025-62320

Analyzed Analyzed - Analysis Complete

HTML Injection in Web Application Causes Unintended Browser Requests

Publication date: 2026-03-17

Last updated on: 2026-05-11

Assigner: HCL Software

Description

HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external resources included in that HTML, which can cause unexpected requests from the user’s browser.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-03-17

Last Modified

2026-05-11

Generated

2026-06-16

AI Q&A

2026-03-17

EPSS Evaluated

2026-06-14

NVD

CVE-2025-62320

EUVD

EUVD-2025-208779

Affected Vendors & Products

Vendor	Product	Version / Range
hcltech	unica	From 25.1.0 (inc) to 25.1.1.0.1 (exc)
hcltech	unica_centralised_offer_management	From 25.1.0 (inc) to 25.1.1.0.1 (exc)
hcltech	unica_contact_central	From 25.1.0 (inc) to 25.1.1.0.1 (exc)
hcltech	unica_interact	From 25.1.0 (inc) to 25.1.1.0.1 (exc)
hcltech	unica_journey	From 25.1.0 (inc) to 25.1.1.0.1 (exc)
hcltech	unica_plan	From 25.1.0 (inc) to 25.1.1.0.1 (exc)
hcltech	unica_segment_central	From 25.1.0 (inc) to 25.1.1.0.1 (exc)
hcltech	unica_audience_central	From 25.1.0 (inc) to 25.1.1.0.1 (exc)
hcltech	unica_campaign	From 25.1.0 (inc) to 25.1.1.0.1 (exc)
hcltech	unica	to 12.1.11 (exc)
hcltech	unica_campaign	to 12.1.11 (exc)
hcltech	unica_contact_central	to 12.1.11 (exc)
hcltech	unica_audience_central	to 12.1.11 (exc)
hcltech	unica_centralised_offer_management	to 12.1.11 (exc)
hcltech	unica_interact	to 12.1.11 (exc)
hcltech	unica_journey	to 12.1.11 (exc)
hcltech	unica_plan	to 12.1.11 (exc)
hcltech	unica_segment_central	to 12.1.11 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-79	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

Executive Summary

This vulnerability is an HTML Injection issue that occurs when a web application does not properly validate or sanitize user input before displaying it on a webpage.

An attacker can exploit this by inserting malicious or unwanted HTML code into the page.

When a user's browser loads the affected page, it may automatically interact with external resources included in the injected HTML, potentially causing unexpected requests from the user's browser.

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can lead to unexpected interactions between the user's browser and external servers due to the injected HTML."}, {'type': 'paragraph', 'content': 'Such interactions may result in data exfiltration or unauthorized data exposure to external servers.'}, {'type': 'paragraph', 'content': 'It may also cause security risks such as privacy breaches or manipulation of the web page content viewed by users.'}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves HTML Injection where unwanted HTML code is inserted into a webpage, causing the browser to make unexpected external requests.'}, {'type': 'paragraph', 'content': 'To detect this vulnerability on your system or network, you should monitor web application inputs and outputs for suspicious or unexpected HTML content.'}, {'type': 'paragraph', 'content': 'You can use network monitoring tools to detect unusual outbound requests from browsers that may indicate exploitation.'}, {'type': 'list_item', 'content': 'Use web proxy tools like Burp Suite or OWASP ZAP to intercept and analyze HTTP requests and responses for injected HTML.'}, {'type': 'list_item', 'content': "Run commands such as 'curl' or 'wget' to fetch web pages and inspect the HTML content for unexpected or malicious code."}, {'type': 'list_item', 'content': 'Use browser developer tools to inspect the DOM and network activity for unexpected external resource requests.'}] [1]

Mitigation Strategies

Immediate mitigation steps include properly validating and sanitizing all user inputs before displaying them on web pages to prevent HTML Injection.

Implement Content Security Policy (CSP) headers to restrict the loading of external resources and reduce the impact of injected HTML.

Update the affected product with any patches or fixes provided by the vendor as soon as they become available.

Monitor web application logs and network traffic for signs of exploitation attempts.

Hi! I’m here to help you understand CVE-2025-62320. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2025-62320

HTML Injection in Web Application Causes Unintended Browser Requests

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart