5.4
CVE-2026-21788
- EPSS 0.04%
- Veröffentlicht 19.03.2026 09:16:16
- Zuletzt bearbeitet 19.03.2026 18:42:41
- Quelle psirt@hcl.com
- CVE-Watchlists
- Unerledigt
LoginHCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may allow the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hcltech ≫ Connections Version8.0 Update-
Hcltech ≫ Connections Version8.0 Updatecumulative_release1
Hcltech ≫ Connections Version8.0 Updatecumulative_release10
Hcltech ≫ Connections Version8.0 Updatecumulative_release11
Hcltech ≫ Connections Version8.0 Updatecumulative_release12
Hcltech ≫ Connections Version8.0 Updatecumulative_release2
Hcltech ≫ Connections Version8.0 Updatecumulative_release3
Hcltech ≫ Connections Version8.0 Updatecumulative_release4
Hcltech ≫ Connections Version8.0 Updatecumulative_release5
Hcltech ≫ Connections Version8.0 Updatecumulative_release6
Hcltech ≫ Connections Version8.0 Updatecumulative_release7
Hcltech ≫ Connections Version8.0 Updatecumulative_release8
Hcltech ≫ Connections Version8.0 Updatecumulative_release9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.115 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@hcl.com | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.