CVE-2026-21788
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
19/03/2026
Last modified:
19/03/2026
Description
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may allow the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:hcltech:connections:8.0:-:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:connections:8.0:cumulative_release1:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:connections:8.0:cumulative_release10:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:connections:8.0:cumulative_release11:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:connections:8.0:cumulative_release12:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:connections:8.0:cumulative_release2:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:connections:8.0:cumulative_release3:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:connections:8.0:cumulative_release4:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:connections:8.0:cumulative_release5:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:connections:8.0:cumulative_release6:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:connections:8.0:cumulative_release7:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:connections:8.0:cumulative_release8:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:connections:8.0:cumulative_release9:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page