HCL AION Trusted Types in Scripts Not Enforced in CSP Vulnerability
Vulnerability
A vulnerability has been identified in HCL AION version 2.0: Trusted Types for scripts are not properly enforced in the Content Security Policy (CSP). This allows unsafe script execution and increases the risk of client-side vulnerabilities such as DOM-based cross-site scripting (XSS).
Impact
The vulnerability could lead to client-side issues such as DOM-based cross-site scripting, in which an attacker manipulates the Document Object Model in a way that could harm the user or the application.
Remediation
Users can upgrade to HCL AION version 2.0.1, which addresses this vulnerability. For assistance with the upgrade process, contact the HCL AION Product support team.
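One way to check whether a deployment's response headers enforce Trusted Types for scripts is sketched below. It is an added example, not code from HCL or from the advisory; the function names and the sample header values are constructed for illustration, and the headers are assumed to arrive as name/value pairs.

```javascript
// Added example: audit CSP headers for Trusted Types enforcement.
// One header value may hold several comma-separated policies.
function parsePolicies(headerValue) {
  return headerValue.split(",").map((policy) => {
    const directives = new Map();
    for (const part of policy.split(";")) {
      const tokens = part.trim().split(/\s+/).filter(Boolean);
      if (tokens.length === 0) continue;
      const name = tokens[0].toLowerCase();
      // CSP ignores repeated directives within a policy: the first one wins.
      if (!directives.has(name)) directives.set(name, tokens.slice(1));
    }
    return directives;
  }).filter((d) => d.size > 0);
}

// headers: array of { name, value } pairs from an HTTP response.
function auditTrustedTypes(headers) {
  const result = { enforced: false, reportOnly: false, policyNames: null, findings: [] };
  for (const { name, value } of headers) {
    const kind = name.toLowerCase();
    if (!/^content-security-policy(-report-only)?$/.test(kind)) continue;
    for (const directives of parsePolicies(value)) {
      const sinks = (directives.get("require-trusted-types-for") || [])
        .map((s) => s.toLowerCase());
      if (!sinks.includes("'script'")) continue;
      if (kind === "content-security-policy") {
        result.enforced = true;
        // trusted-types restricts which policy names createPolicy() may use.
        if (directives.has("trusted-types")) result.policyNames = directives.get("trusted-types");
      } else {
        result.reportOnly = true; // violations are reported but not blocked
      }
    }
  }
  if (!result.enforced) {
    result.findings.push(result.reportOnly
      ? "Trusted Types is report-only: violations are logged, not blocked"
      : "require-trusted-types-for 'script' missing: DOM sinks accept plain strings");
  } else if (result.policyNames === null) {
    result.findings.push("no trusted-types directive: any policy name can be created");
  }
  return result;
}

// Constructed sample headers (not taken from any real product response).
const WEAK = [{ name: "Content-Security-Policy", value: "default-src 'self'; script-src 'self'" }];
const REPORT_ONLY = [{ name: "Content-Security-Policy-Report-Only", value: "require-trusted-types-for 'script'" }];
const STRONG = [{ name: "Content-Security-Policy", value: "default-src 'self'; require-trusted-types-for 'script'; trusted-types app-policy" }];
```

An empty `findings` array means the enforced policy both requires Trusted Types at script sinks and restricts which policy names may be created.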
