Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HCL Traveler is susceptible to a cross-site scripting vulnerability which could allow an attacker to execute a malicious script to access sensitive information.
Vulnerability Description
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
HCL Technologies Traveler Companion 跨站脚本漏洞
Vulnerability Description
HCL Technologies Traveler Companion是印度HCL Technologies公司的一款 ios Iphone 和 Ipad 应用程序。用于在 Apple 设备上阅读加密的 Hcl Notes 邮件。 HCL Technologies Traveler Companion 存在跨站脚本漏洞,该漏洞源于Traveler 管理网页中已批准应用程序的名称参数验证不当。攻击者可以利用此漏洞执行恶意脚本来访问浏览器保留并与该站点一起使用的任何 cookie、会话令牌或其他敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A