Lucene search

K
cvelistHCLCVELIST:CVE-2021-27778
HistoryMay 31, 2022 - 11:50 p.m.

CVE-2021-27778 HCL Traveler is susceptible to a cross-site scripting vulnerability which could allow an attacker to execute a malicious script to access sensitive information.

2022-05-3123:50:11
CWE-79
HCL
www.cve.org
8
cve-2021-27778
hcl traveler
cross-site scripting
sensitive information

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:L

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

22.7%

HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.

CNA Affected

[
  {
    "product": "HCL Traveler",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "12.0.1.0 and earlier"
      }
    ]
  }
]

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:L

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

22.7%

Related for CVELIST:CVE-2021-27778