VYPR
Unrated severityNVD Advisory· Published May 31, 2022· Updated Sep 17, 2024

HCL Traveler is susceptible to a cross-site scripting vulnerability which could allow an attacker to execute a malicious script to access sensitive information.

CVE-2021-27778

Description

HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.

Affected products

2
  • HCLTech/Travelerllm-fuzzy
  • HCL Software/HCL Travelerv5
    Range: 12.0.1.0 and earlier

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.