CVE-2023-37512 – HCL Traveler Companion is vulnerable to revealing sensitive information via the task switcher
https://notcve.org/view.php?id=CVE-2023-37512
When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106691 •
CVE-2023-37513 – HCL Traveler To Do is vulnerable to revealing sensitive information via the task switcher
https://notcve.org/view.php?id=CVE-2023-37513
When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106692 •
CVE-2023-37511 – HCL Traveler To Do is affected by App Transport Security (ATS) settings allowing insecure loads in web content
https://notcve.org/view.php?id=CVE-2023-37511
If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106690 •
CVE-2022-27561 – HCL Traveler is susceptible to a Reflected Cross-Site Scripting vulnerability in the web admin (LotusTraveler.nsf)
https://notcve.org/view.php?id=CVE-2022-27561
There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf). Se presenta una vulnerabilidad de tipo Cross-Site Scripting reflejado en el administrador web de HCL Traveler (LotusTraveler.nsf) • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100435 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-27778 – HCL Traveler is susceptible to a cross-site scripting vulnerability which could allow an attacker to execute a malicious script to access sensitive information.
https://notcve.org/view.php?id=CVE-2021-27778
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. HCL Traveler es vulnerable a un cross-site scripting (XSS) causado por una validación inadecuada del parámetro Name para Approved Applications en las páginas web de administración de Traveler. Un atacante podría explotar esta vulnerabilidad para ejecutar un script malicioso para acceder a cualquier cookie, tokens de sesión u otra información sensible retenida por el navegador y utilizada con ese sitio • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098044 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •