CVE-2026-21788
moderate-risk
Published 2026-03-19
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may allow the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.
Do I need to act?
-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10
Medium
NETWORK
/ LOW complexity
Affected Products (13)
Affected Vendors
References (1)
38
/ 100
moderate-risk
Severity
21/34 · High
Exploitability
0/34 · Minimal
Exposure
17/34 · Moderate