CVE-2025-52609
3.7 LOWHCL iControl was affected by Missing Security Headers vulnerability
Published: 2026-06-04 · Last updated: 2026-06-04
Severity and scoring
- CVSS
- 3.7 LOW
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
- CWE
- CWE-693
Affected products
| Vendor | Product |
|---|---|
| hcltech | icontrol |
Description
HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of modern web browsers.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-21837 — HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API (8.8 HIGH)
- CVE-2026-21826 — HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection (6.1 MEDIUM)
- CVE-2026-21825 — HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center (6.1 MEDIUM)
- CVE-2025-52612 — HCL iControl was affected by Export CSV - CSV Injection vulnerability (7.1 HIGH)
- CVE-2025-52611 — HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability (3.1 LOW)
Same CWE
- CVE-2026-50564 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (9.9 CRITICAL)
- CVE-2026-50545 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (9.9 CRITICAL)
- CVE-2026-48575 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally (7.9 HIGH)
- CVE-2026-48570 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally (7.9 HIGH)
- CVE-2026-48568 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally (7.9 HIGH)