CVE-2025-52609
Missing Security Headers in HCL iControl Enable XSS Attacks
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: HCL Software
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcl | i_control | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in HCL iControl is caused by missing security headers, which can lead to cross-site scripting (XSS) attacks. Without certain security headers, attackers can bypass the built-in XSS filtering mechanisms of modern web browsers, potentially enabling malicious scripts to run.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the Missing Security Headers vulnerability in HCL iControl impacts compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to execute cross-site scripting (XSS) attacks. Such attacks can lead to the injection and execution of malicious scripts in your web browser, which may result in unauthorized actions, data manipulation, or theft of sensitive information.