VYPR
Medium severity6.8NVD Advisory· Published Mar 5, 2024· Updated Jun 17, 2026

CVE-2024-21838

CVE-2024-21838

Description

Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre.

This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6),  all version of 8.60 and prior.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Gallagher/Command Centre Serverllm-fuzzy2 versions
    <vEL9.00.1774 (MR2), <vEL8.90.1751 (MR3), <vEL8.80.1526 (MR4), <vEL8.70.2526 (MR6), all versions of 8.60 and prior+ 1 more
    • (no CPE)range: <vEL9.00.1774 (MR2), <vEL8.90.1751 (MR3), <vEL8.80.1526 (MR4), <vEL8.70.2526 (MR6), all versions of 8.60 and prior
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.