Unrated severityNVD Advisory· Published May 31, 2022· Updated Sep 17, 2024
HCL Traveler is susceptible to a cross-site scripting vulnerability which could allow an attacker to execute a malicious script to access sensitive information.
CVE-2021-27778
Description
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.
Affected products
2- HCL Software/HCL Travelerv5Range: 12.0.1.0 and earlier
Patches
Vulnerability mechanics
References
1- support.hcltechsw.com/csmmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.