{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T13:52:33.449","vulnerabilities":[{"cve":{"id":"CVE-2025-63401","sourceIdentifier":"cve@mitre.org","published":"2025-12-03T19:15:57.020","lastModified":"2025-12-18T20:31:37.497","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":0.7,"impactScore":4.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:dragon:*:*:*:*:*:*:*:*","versionEndExcluding":"7.6.0","matchCriteriaId":"0A4558B9-7770-4304-ADEC-AF823A7CF779"}]}]}],"references":[{"url":"http://hcl.com","source":"cve@mitre.org","tags":["Product"]},{"url":"http://hcltech.com","source":"cve@mitre.org","tags":["Product"]},{"url":"https://excalibur-hcl.my.salesforce.com/sfc/p/#U0000000YO14/a/Pf000003dyQn/x0oUOgfHG6F0wUhpmSMcmXMuwO2GYuSf_duzWPRebao","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}}]}