Hcltech Icontrol
5 CVEs affecting Hcltech Icontrol. Latest disclosed: 2026-06-04. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-52612 | High | 7.1 | 2026-06-04 | HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by a… |
CVE-2025-52606 | Medium | 4.3 | 2026-06-04 | HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received i… |
CVE-2025-52609 | Low | 3.7 | 2026-06-04 | HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering me… |
CVE-2025-52611 | Low | 3.1 | 2026-06-04 | HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in… |
CVE-2025-52608 | Low | 3.1 | 2026-06-04 | HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, incl… |