CVE-2019-4409: XSS
First published: Fri Oct 18 2019(Updated: )
HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error message that includes the entered file name. If the file name is not escaped in the returned error page, it could expose a cross-site scripting (XSS) vulnerability.
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hcltech Traveler | <10.0.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-4409?
CVE-2019-4409 is a vulnerability in HCL Traveler versions 9.x and earlier that allows for cross-site scripting attacks.
How severe is CVE-2019-4409?
CVE-2019-4409 has a severity rating of 5.4 (medium).
Which software versions are affected by CVE-2019-4409?
HCL Traveler versions 9.x and earlier are affected by CVE-2019-4409.
What is the Common Weakness Enumeration (CWE) for CVE-2019-4409?
The Common Weakness Enumeration (CWE) for CVE-2019-4409 is CWE-79 (Improper Neutralization of Input During Web Page Generation).
How can I fix CVE-2019-4409?
To fix CVE-2019-4409, update HCL Traveler to version 10.0.0.0 or later.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/hcltech
- canonical/hcltech traveler