CVE-2026-21788

MEDIUM 5.4

HCL Connections is vulnerable to cross-site scripting (XSS)

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

0th

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may allow the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.

CWE	CWE-79
Vendor	hclsoftware
Product	connections
Published	Mar 19, 2026
Last Updated	Mar 19, 2026

Stay Ahead of the Next One

Get instant alerts for hclsoftware connections

Be the first to know when new medium vulnerabilities affecting hclsoftware connections are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

HCLSoftware / Connections

References

NVD ↗ CVE.org ↗ EPSS Data ↗

support.hcl-software.com: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129107