CWE-1032 (OWASP Top Ten 2017 Category A6 - Security Misconfiguration) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
Weaknesses in this category are related to the A6 category in the OWASP Top Ten 2017.
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2025-52629 | 2026-02-03 | HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe script… |
| CVE-2025-52635 | 2025-10-10 | A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0. |
| CVE-2025-52624 | 2025-10-10 | A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of … |
| CVE-2025-52650 | 2025-10-10 | Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0 |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2014-06-23 | CWE Content Team | 2.7 | — | updated Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated References |
| 2021-10-28 | CWE Content Team | 4.6 | — | updated Relationships |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Mapping_Notes |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-09-09 | CWE Content Team | 4.18 | — | updated References |