anonhaven
Ad

CVE-2026-21788

MEDIUM CVSS 3.1: 5.4 EPSS 0.05%
Updated Mar 19, 2026
Hcltech
Parameter Value
CVSS 5.4 (MEDIUM)
Type CWE-79 (Cross-Site Scripting (XSS))
Vendor Hcltech
Public PoC No

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code.  This may allow the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

Vulnerable Products 13

Configuration From (including) Up to (excluding)
Hcltech Connections
cpe:2.3:a:hcltech:connections:8.0:-:*:*:*:*:*:*
Hcltech Connections
cpe:2.3:a:hcltech:connections:8.0:cumulative_release1:*:*:*:*:*:*
Hcltech Connections
cpe:2.3:a:hcltech:connections:8.0:cumulative_release10:*:*:*:*:*:*
Hcltech Connections
cpe:2.3:a:hcltech:connections:8.0:cumulative_release11:*:*:*:*:*:*
Hcltech Connections
cpe:2.3:a:hcltech:connections:8.0:cumulative_release12:*:*:*:*:*:*
Hcltech Connections
cpe:2.3:a:hcltech:connections:8.0:cumulative_release2:*:*:*:*:*:*
Hcltech Connections
cpe:2.3:a:hcltech:connections:8.0:cumulative_release3:*:*:*:*:*:*
Hcltech Connections
cpe:2.3:a:hcltech:connections:8.0:cumulative_release4:*:*:*:*:*:*
Hcltech Connections
cpe:2.3:a:hcltech:connections:8.0:cumulative_release5:*:*:*:*:*:*
Hcltech Connections
cpe:2.3:a:hcltech:connections:8.0:cumulative_release6:*:*:*:*:*:*
Hcltech Connections
cpe:2.3:a:hcltech:connections:8.0:cumulative_release7:*:*:*:*:*:*
Hcltech Connections
cpe:2.3:a:hcltech:connections:8.0:cumulative_release8:*:*:*:*:*:*
Hcltech Connections
cpe:2.3:a:hcltech:connections:8.0:cumulative_release9:*:*:*:*:*:*

References 1

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129107
psirt@hcl.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-21767

Hcltech

3.3

CVE-2026-21765

Hcltech

7.8

CVE-2025-55264

Hcltech

5.5

CVE-2025-55263

Hcltech

7.5

CVE-2025-55262

Hcltech

7.5