📦 Aion

by Hcltech

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2025-52650

HIGH CVSS 8.2 Oct 10, 2025

This vulnerability allows inline script execution despite Content Security Policy (CSP) restrictions in HCL AION v2.0. Attackers can bypass CSP protections to execute malicious JavaScript in users' br...

CVE-2025-52628

MEDIUM CVSS 4.6 Feb 3, 2026

HCL AION version 2.0 has a SameSite cookie vulnerability that allows cookies to be sent in cross-site requests. This increases exposure to cross-site request forgery (CSRF) attacks where attackers c...

CVE-2025-52624

MEDIUM CVSS 5.4 Oct 10, 2025

This vulnerability allows attackers to bypass script allowlist configurations in HCL AION due to an incorrectly configured Content-Security-Policy header. This could enable unauthorized script executi...

CVE-2025-52632

MEDIUM CVSS 6.5 Oct 10, 2025

A missing Secure attribute in SSL cookies in HCL AION allows attackers to intercept session cookies over unencrypted HTTP connections. This affects HCL AION version 2.0 installations, potentially expo...

CVE-2025-52623

LOW CVSS 3.7 Feb 3, 2026

HCL AION 2.0 has a vulnerability where password fields don't disable autocomplete, potentially allowing browsers to store or autofill credentials. This could lead to unintended credential exposure if ...

CVE-2025-52631

LOW CVSS 3.7 Feb 3, 2026

HCL AION 2.0 lacks proper HTTP Strict-Transport-Security headers, allowing attackers to force insecure HTTP connections or downgrade HTTPS to HTTP. This exposes the application to man-in-the-middle at...

CVE-2025-52633

LOW CVSS 3.1 Feb 3, 2026

HCL AION stores sensitive session information in persistent cookies that survive browser sessions, potentially allowing attackers to hijack user sessions if they obtain these cookies. This affects all...

CVE-2025-55250

LOW CVSS 1.8 Jan 19, 2026

HCL AION version 2 contains a technical error disclosure vulnerability that can expose sensitive system details through error messages. This affects organizations using HCL AION version 2, potentially...

CVE-2025-55252

LOW CVSS 3.1 Jan 19, 2026

HCL AION version 2 has a weak password policy vulnerability that allows users to set easily guessable passwords. This could enable attackers to gain unauthorized access through password guessing or br...

CVE-2025-55249

LOW CVSS 3.5 Jan 19, 2026

HCL AION web applications are vulnerable due to missing standard security HTTP response headers. This allows attackers to more easily conduct common web-based attacks like clickjacking, MIME sniffing,...

CVE-2025-55251

LOW CVSS 3.1 Jan 19, 2026

HCL AION has an unrestricted file upload vulnerability that allows attackers to upload malicious files to the server. This could lead to remote code execution or complete system compromise if exploite...

CVE-2025-52659

LOW CVSS 2.8 Jan 19, 2026

HCL AION version 2 has a cacheable HTTP response vulnerability where sensitive or dynamic content may be stored in caches. This could allow unauthorized users to access cached information that should ...

CVE-2025-52660

LOW CVSS 2.7 Jan 19, 2026

HCL AION has an unrestricted file upload vulnerability that allows attackers to upload malicious files. This could lead to remote code execution or system compromise if exploited. Organizations using ...

CVE-2025-52661

LOW CVSS 2.4 Jan 19, 2026

HCL AION version 2 has JWT tokens that remain valid for an excessively long time, allowing attackers who obtain these tokens to potentially maintain unauthorized access to the system. This affects all...