CVE-2025-52624
MEDIUMDescription
A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks.This issue affects AION: 2.0.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| hcltech | aion |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-52624? +
How severe is CVE-2025-52624? +
What products are affected by CVE-2025-52624? +
How do I check if I'm vulnerable to CVE-2025-52624? +
Related Vulnerabilities
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0
A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0.
HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious …
HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a …
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may …
HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their …