CVE-2021-27778
HCL Traveler is susceptible to a cross-site scripting vulnerability which could allow an attacker to execute a malicious script to access sensitive information.
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.
HCL Traveler es vulnerable a un cross-site scripting (XSS) causado por una validación inadecuada del parámetro Name para Approved Applications en las páginas web de administración de Traveler. Un atacante podría explotar esta vulnerabilidad para ejecutar un script malicioso para acceder a cualquier cookie, tokens de sesión u otra información sensible retenida por el navegador y utilizada con ese sitio
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-02-26 CVE Reserved
- 2022-05-31 CVE Published
- 2023-12-22 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098044 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Hcltech Search vendor "Hcltech" | Traveler Search vendor "Hcltech" for product "Traveler" | <= 12.0.1.0 Search vendor "Hcltech" for product "Traveler" and version " <= 12.0.1.0" | - |
Affected
|