Primary

Context

HCL MyXalytics Cross-Domain Script Include Vulnerability

Vulnerability

A Cross-Domain Script Include vulnerability exists in HCL MyXalytics version 6.6. This vulnerability allows the loading of third-party scripts without proper integrity checks or validation, potentially enabling external code to execute within the application's context. Such execution could lead to data exposure or unauthorized actions.

Impact

Exploitation of this vulnerability could result in unauthorized execution of external scripts, potentially allowing for data exposure or execution of unauthorized actions within the application.

Remediation

Users can upgrade to HCL MyXalytics version 6.7, which addresses this vulnerability. For assistance with the upgrade process, customers can contact the HCL MyXalytics support team.

Added: Oct 10, 2025, 9:16 AM

Updated: Oct 10, 2025, 9:16 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HCL MyXalytics Cross-Domain Script Include Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating