CVE-2026-21788

EUVD-2026-13075
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code.  This may allow the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
hcltechconnections
8.0
hcltechconnections
8.0:cumulative_release1
hcltechconnections
8.0:cumulative_release10
hcltechconnections
8.0:cumulative_release11
hcltechconnections
8.0:cumulative_release12
hcltechconnections
8.0:cumulative_release2
hcltechconnections
8.0:cumulative_release3
hcltechconnections
8.0:cumulative_release4
hcltechconnections
8.0:cumulative_release5
hcltechconnections
8.0:cumulative_release6
hcltechconnections
8.0:cumulative_release7
hcltechconnections
8.0:cumulative_release8
hcltechconnections
8.0:cumulative_release9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129107