CNNVD-202510-1462 Information
Oct 10, 2025
cve
CNNVD ID
CNNVD-202510-1462
Related CVE
- CNNVD Published: 2025-10-10
Description (Chinese)
HCL AION是印度HCL公司的一款AI生命周期管理平台。 HCL AION 2.0版本存在安全漏洞,该漏洞源于脚本白名单配置绕过和Content-Security-Policy标头配置不当,可能导致跨站脚本和其他注入攻击。
Description (English)
HCL AION is an AI life-cycle management platform for HCL India. There is a security loophole in HCL AION 2.0, which stems from the script white list configuration bypassing and inappropriate configuration of the Content-Security-Policie header, which could lead to cross-site scripts and other injection attacks.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
HCL
Published
2025-10-10
Last Modified
2026-02-24
References
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124444
Patch
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124444
Share on: