Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre.
This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Gallagher
Published: 2024-03-05T03:11:55.586Z
Updated: 2024-06-04T17:38:11.847Z
Reserved: 2024-02-05T04:16:47.986Z
Link: CVE-2024-21838
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-03-05T03:15:06.280
Modified: 2024-03-05T13:41:01.900
Link: CVE-2024-21838
JSON object: View
Redhat Information
No data.
CWE