8.8
CVE-2025-52612
- EPSS 0.2%
- Veröffentlicht 04.06.2026 11:40:16
- Zuletzt bearbeitet 04.06.2026 18:32:57
- Quelle psirt@hcl.com
- CVE-Watchlists
- Unerledigt
HCL iControl was affected by Export CSV - CSV Injection vulnerability.
HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. .
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.097 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| psirt@hcl.com | 7.1 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
|
CWE-1236 Improper Neutralization of Formula Elements in a CSV File
The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131041