VYPR
Unrated severity · NVD Advisory · Published Oct 18, 2019 · Updated Aug 4, 2024

CVE-2019-4409

Description

HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error message that includes the entered file name. If the file name is not escaped in the returned error page, it could expose a cross-site scripting (XSS) vulnerability.
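
The flaw described above, sketched as an added example (this is not HCL Traveler code; the class name, method names and error-page markup are hypothetical): an error page that echoes the submitted file name verbatim, next to one that HTML-encodes it before writing it into the response. The sample file name is constructed.

```java
// Added illustration; names and markup are assumptions, not taken from HCL Traveler.
public class ProblemReportError {

    // Encode the characters that are significant in HTML text and attribute values.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // The pattern the advisory warns about: the entered name is concatenated
    // into the error page as-is, so any markup in it becomes part of the page.
    static String errorPageUnescaped(String fileName) {
        return "<p class=\"error\">Invalid attachment: " + fileName + "</p>";
    }

    // Hardened form: the name is treated as data and encoded before output.
    static String errorPageEscaped(String fileName) {
        String shown = (fileName == null) ? "" : escapeHtml(fileName);
        return "<p class=\"error\">Invalid attachment: " + shown + "</p>";
    }

    public static void main(String[] args) {
        // Constructed input: a file name that contains harmless markup.
        String name = "notes<b>bold</b>.txt";
        System.out.println(errorPageUnescaped(name)); // <b> is parsed as an element
        System.out.println(errorPageEscaped(name));   // <b> is shown as literal text
    }
}
```

The encoder covers HTML text and quoted attribute values only; a value written into a script block, URL or CSS context needs the encoding for that context.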

Affected products

2
  • HCLTech/Traveler (llm-fuzzy)
    Range: <= 9.x
  • HCL/HCL Traveler (v5)
    Range: 9.x and earlier versions
