Cross-Site Scripting Vulnerability in HCL Traveler by HCL Technologies
CVE-2019-4409
5.4 MEDIUM
What is CVE-2019-4409?
HCL Traveler versions 9.x and earlier contain a vulnerability that may allow cross-site scripting (XSS) attacks. Specifically, when a user submits an invalid file name on the Problem Report page of the Traveler servlet, the application returns an error message that displays the submitted file name. If this output is not properly sanitized, it can lead to the execution of malicious scripts in the context of other users' browsers, potentially compromising sensitive information and application security. Organizations using affected versions should prioritize applying fixes to mitigate these risks.
Affected Version(s)
HCL Traveler 9.x and earlier versions