CVE-2025-59854

Description

HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a robust Content Security Policy (CSP).

References

• https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130569