3 matches found
CVE-2019-4409
HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error message that includes the...
CVE-2019-4409
HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error message that includes the...
CVE-2019-4409
HCL Traveler versions 9.x and earlier are affected by a cross-site scripting (XSS) vulnerability. The issue arises on the Problem Report page where a user can attach a file; if the invalid file name is echoed back in the error page without proper escaping, it can enable XSS. Affected product: HCL...