Medium severity6.8NVD Advisory· Published Mar 5, 2024· Updated Jun 17, 2026
CVE-2024-21838
CVE-2024-21838
Description
Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre.
This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<vEL9.00.1774 (MR2), <vEL8.90.1751 (MR3), <vEL8.80.1526 (MR4), <vEL8.70.2526 (MR6), all versions of 8.60 and prior+ 1 more
- (no CPE)range: <vEL9.00.1774 (MR2), <vEL8.90.1751 (MR3), <vEL8.80.1526 (MR4), <vEL8.70.2526 (MR6), all versions of 8.60 and prior
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
1- security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838nvdVendor Advisory
News mentions
0No linked articles in our index yet.