CVE-2025-31970 — Cross-Site Scripting (XSS)

CVE-2025-31970 — HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability: the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS).

What This Means For You

  • If your environment is affected by CWE-358, review your exposure and prioritize patching accordingly. Monitor vendor advisories for CVE-2025-31970 updates and patches.
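
One way to review exposure is to check a site's Content-Security-Policy value for the two directives named above. This is an added example, not code from the advisory or from HCL; the sample policies are constructed, and the choice of which source values count as "strict" is an assumption, since the advisory does not define it.

```python
"""Audit a Content-Security-Policy value for object-src and base-uri."""

# Assumption: what counts as "strict" here (the advisory does not define it).
STRICT = {"object-src": {"'none'"}, "base-uri": {"'none'", "'self'"}}

# Constructed sample policies, not taken from any real deployment.
WEAK = "default-src 'self'; script-src 'self' https://cdn.example"
FALLBACK = "default-src 'none'; script-src 'self'"
FIXED = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"


def parse_csp(policy):
    """Return {directive: [sources]}. Names are case-insensitive; a repeated
    directive is ignored, so the first occurrence wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def audit_csp(policy):
    """Return a list of findings; an empty list means both directives are strict."""
    d = parse_csp(policy)
    effective = {
        # object-src falls back to default-src when it is absent ...
        "object-src": d.get("object-src", d.get("default-src")),
        # ... but base-uri has no fallback, so default-src never covers it.
        "base-uri": d.get("base-uri"),
    }
    findings = []
    for name, sources in effective.items():
        if sources is None:
            findings.append(f"{name}: not defined")
        elif not {s.lower() for s in sources} <= STRICT[name]:
            findings.append(f"{name}: not strict ({' '.join(sources)})")
    return findings


if __name__ == "__main__":
    for label, policy in (("weak", WEAK), ("fallback", FALLBACK), ("fixed", FIXED)):
        print(label, audit_csp(policy) or "ok")
```

The `FALLBACK` case shows why base-uri has to be set explicitly: even `default-src 'none'` leaves it undefined.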

Indicators of Compromise

ID              Type           Indicator
CVE-2025-31970  vulnerability  CVE-2025-31970
CWE-358         weakness       CWE-358
Source & Attribution
Source Platform: NVD
Channel: National Vulnerability Database
Published: May 06, 2026 at 14:16 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
