HCL AION Content Security Policy Bypass Vulnerability Allowing Unauthorized Script Execution

Vulnerability

HCL AION version 2.0 sets its Content-Security-Policy (CSP) header in a way that allows the script allowlist to be bypassed. Because the browser enforces only what the header declares, a misconfigured header permits scripts from sources outside the intended allowlist to execute, which weakens the application's defense against cross-site scripting (XSS) and other injection attacks.
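The following script, added here as an illustration (it is not HCL AION code and does not reproduce the product's actual header), parses a Content-Security-Policy header and flags the source expressions that commonly defeat a script allowlist: a missing script-src with no default-src fallback, 'unsafe-inline' without a nonce or hash, 'unsafe-eval', and scheme-wide or wildcard sources. The two policies it checks are constructed for the example.

```python
"""Audit the script allowlist of a Content-Security-Policy header.

Added example for this advisory: this is not HCL AION code, and the two
policies below are constructed, not the product's real configuration.
"""
from __future__ import annotations

# Source expressions that, on their own, let any origin on a scheme (or any
# origin at all) serve scripts, so an allowlist containing them is no allowlist.
BROAD_SOURCES = {"*", "http:", "https:", "data:", "blob:", "filesystem:"}
NONCE_OR_HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive: [source expressions]}.

    Directives are ';'-separated; the first whitespace token of each is the
    directive name.  Browsers ignore a repeated directive, so the first
    occurrence wins here too.
    """
    policy: dict[str, list[str]] = {}
    for chunk in header.split(";"):
        tokens = chunk.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_script_sources(policy: dict[str, list[str]]) -> list[str] | None:
    """script-src governs <script>; if absent, default-src is the fallback;
    if neither is present the browser imposes no script restriction."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")


def audit_script_allowlist(header: str) -> list[str]:
    """Return a list of findings; an empty list means the allowlist holds."""
    sources = effective_script_sources(parse_csp(header))
    if sources is None:
        return ["no script-src or default-src: scripts from any source may run"]

    lowered = [s.lower() for s in sources]
    findings: list[str] = []
    has_nonce_or_hash = any(s.startswith(NONCE_OR_HASH_PREFIXES) for s in lowered)

    # 'unsafe-inline' re-enables inline <script> and event handlers, which is
    # exactly what injected markup needs.  CSP2+ browsers ignore it when a
    # nonce or hash is also present, so only flag it without one.
    if "'unsafe-inline'" in lowered and not has_nonce_or_hash:
        findings.append("'unsafe-inline' without nonce/hash: injected inline script executes")
    if "'unsafe-eval'" in lowered:
        findings.append("'unsafe-eval': eval()/Function() will run attacker-controlled strings")

    # With 'strict-dynamic' plus a nonce/hash, host and scheme sources are
    # ignored by the browser, so there is nothing to flag among them.
    if has_nonce_or_hash and "'strict-dynamic'" in lowered:
        return findings

    for src in lowered:
        if src in BROAD_SOURCES:
            findings.append(f"{src}: scheme-wide or wildcard source, any origin can serve scripts")
        elif "*" in src:
            findings.append(f"{src}: wildcard host or port, every matching origin can serve scripts")
    return findings


# Constructed sample policies (not from HCL AION).
WEAK_POLICY = "default-src 'self'; script-src 'self' 'unsafe-inline' https:"
HARDENED_POLICY = (
    "default-src 'self'; script-src 'self' 'nonce-d2VsbC1rbm93bg'; "
    "object-src 'none'; base-uri 'self'"
)

if __name__ == "__main__":
    for label, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(f"{label}: {audit_script_allowlist(policy) or 'script allowlist intact'}")
```

Run it against the header an application actually serves (for example, the value captured from a browser's network panel or a curl -I response) rather than against the configured value, since proxies and middleware can alter or drop the header on the way out. The nonce in the hardened policy must be regenerated per response; a static nonce is equivalent to 'unsafe-inline'.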

Impact

Exploitation of this vulnerability could allow cross-site scripting or other injection-based attacks to succeed, resulting in execution of attacker-controlled script in the user's browser. CSP is a mitigating control: this weakness does not inject script by itself, but it removes the browser-side restriction that would otherwise block script introduced through a separate XSS or injection flaw.

Remediation

This vulnerability has been fixed in HCL AION version 2.0.1. Customers running earlier versions should upgrade to 2.0.1. After upgrading, confirm that the Content-Security-Policy response header served by the application restricts script sources to those intended. For assistance with the upgrade process, contact the HCL AION Product support team.

Added: Oct 10, 2025, 11:24 AM
Updated: Oct 10, 2025, 11:24 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 6.4
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.