Hcltech: >> Traveler >> 10.0.0.0 Security Vulnerabilities
There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf).
CVSS Score
7.5
EPSS Score
0.005
Published
2022-09-15
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.
CVSS Score
4.9
EPSS Score
0.001
Published
2022-06-01