CVE-2026-21788

HCL Connections is vulnerable to cross-site scripting (XSS)

Description

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may allow the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.

INFO

Published Date :

2026-03-19T08:44:21.005Z

Last Modified :

2026-03-19T13:30:30.937Z

Source :

HCL

AFFECTED PRODUCTS

The following products are affected by CVE-2026-21788 vulnerability.

Vendors	Products
Hcltech	Connections

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-21788.

URL	Resource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129107

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact