{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21788", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2026-01-05T16:08:02.277Z", "datePublished": "2026-03-19T08:44:21.005Z", "dateUpdated": "2026-03-19T13:30:30.937Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-03-19T08:44:21.005Z"}, "title": "HCL Connections is vulnerable to cross-site scripting (XSS)", "datePublic": "2026-03-19T08:40:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')", "type": "CWE"}]}], "affected": [{"vendor": "HCLSoftware", "product": "Connections", "versions": [{"status": "affected", "version": "8"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code.\u00a0 This may allow the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code.  This may allow the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks."}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129107"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-19T13:30:24.739932Z", "id": "CVE-2026-21788", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T13:30:30.937Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21788", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-19T13:30:24.739932Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T13:30:27.542Z"}}], "cna": {"title": "HCL Connections is vulnerable to cross-site scripting (XSS)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCLSoftware", "product": "Connections", "versions": [{"status": "affected", "version": "8"}], "defaultStatus": "unaffected"}], "datePublic": "2026-03-19T08:40:00.000Z", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129107"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code.\u00a0 This may allow the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.", "supportingMedia": [{"type": "text/html", "value": "HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code.  This may allow the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-03-19T08:44:21.005Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21788", "state": "PUBLISHED", "dateUpdated": "2026-03-19T13:30:30.937Z", "dateReserved": "2026-01-05T16:08:02.277Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2026-03-19T08:44:21.005Z", "assignerShortName": "HCL"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:connections:8.0:-:*:*:*:*:*:*", "matchCriteriaId": "65CA8438-B6A6-4B36-826D-8625AACBC8FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release1:*:*:*:*:*:*", "matchCriteriaId": "BF707A30-B342-43F2-A390-60E8FA8384D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release10:*:*:*:*:*:*", "matchCriteriaId": "718ED7EC-3899-448D-B661-39463F5F71D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release11:*:*:*:*:*:*", "matchCriteriaId": "FFA414A1-C353-427F-B4EC-ED5BFC13EAF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release12:*:*:*:*:*:*", "matchCriteriaId": "5A5A7E4B-9BDE-432E-8FAB-7CD8F1A2A81A", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release2:*:*:*:*:*:*", "matchCriteriaId": "294AE19B-3678-49C3-8613-A9331C5C1481", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release3:*:*:*:*:*:*", "matchCriteriaId": "773D1288-DF28-43F3-9517-B176DD840A8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release4:*:*:*:*:*:*", "matchCriteriaId": "7FCB8E35-3FFA-42FA-8AEB-A2DD22D809C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release5:*:*:*:*:*:*", "matchCriteriaId": "8948C358-B168-45E3-BC9F-E5DA4DD56203", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release6:*:*:*:*:*:*", "matchCriteriaId": "C6879F00-1C87-44A6-83DF-A1DC80A85A88", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release7:*:*:*:*:*:*", "matchCriteriaId": "28450E88-8377-4B0D-9383-B34C9EF28CC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release8:*:*:*:*:*:*", "matchCriteriaId": "13C3274C-0784-4C88-9A2D-D7AAE3D9FC2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release9:*:*:*:*:*:*", "matchCriteriaId": "F3848284-F133-4B35-AC04-9E4FFB17EDF8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code.\u00a0 This may allow the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks."}], "id": "CVE-2026-21788", "lastModified": "2026-03-19T18:42:41.013", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2026-03-19T09:16:16.950", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129107"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "psirt@hcl.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8"}}], "enrichment": {"confidence": 81.0, "confidence_source": "matching", "scores": [{"score": 81.0, "source": "matching"}]}, "original": {"product": "Connections", "source": "cna", "vendor": "HCLSoftware"}, "product": "connections", "vendor": "hcltech"}], "analysis": {"en": {"generated_at": "2026-03-19T19:21:22.072443+00:00", "value": {"mitigation_remediation": ["Review the HCL Advisory KB0129107 and apply the latest patch or upgrade to a fixed version of HCL Connections 8.0", "If a patch cannot be applied immediately, disable or restrict any features or input paths that allow user\u2011supplied data to be rendered without proper sanitization", "Monitor for signs of XSS exploitation via security logs or user reports to detect early compromise"], "summary": {"action": "Immediate Patch", "impact": "Cross-site scripting enabling arbitrary script execution and theft of authentication credentials"}, "threat_synthesis": {"affected_systems": "Affected systems include HCL Software\u2019s Connections product version 8.0 and all its cumulative releases 1 through 12, as enumerated by the provided CPE strings. Any installation of HCL Connections 8.0 in these releases is susceptible to the XSS vulnerability.", "description_and_impact": "HCL Connections is vulnerable to a cross-site scripting (XSS) flaw that allows an attacker to inject and execute arbitrary script code in the browser of an unsuspecting user. By doing so, the attacker can steal cookie\u2011based authentication credentials, compromise the user\u2019s account, and potentially launch additional attacks from that compromised session. The vulnerability arises from insufficient input validation leading to unauthenticated script execution, a classic XSS weakness (CWE\u201179).", "risk_and_exploitability": "The CVSS score of 5.4 indicates a medium\u2011to\u2011high severity impact, with an EPSS score of less than 1% suggesting a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Attack vector is inferred to be web\u2011based, as the flaw is triggered by crafted HTTP requests to the HCL Connections web interface, leading to client\u2011side script execution. Given the aforementioned data, organizations using these versions should evaluate the risk promptly."}}}}, "created": "2026-03-20T08:56:58.534327+00:00", "updated": "2026-03-20T14:15:10.604073+00:00", "vendors": ["hcltech", "hcltech$PRODUCT$connections"]}