CVE-2024-21838

MEDIUM Year: 2024
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-74
View all →

Vulnerability Description

Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all version of 8.60 and prior.

Related Vulnerabilities

CVE-2013-4318

MEDIUM
CVSS:5.4(Medium)

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory.

CWE-742013

CVE-2016-5013

MEDIUM
CVSS:5.4(Medium)

In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.

CWE-742016

CVE-2017-1115

MEDIUM
CVSS:5.4(Medium)

IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the securit...

CWE-742017

CVE-2017-1202

MEDIUM
CVSS:5.4(Medium)

IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's ...

CWE-742017

CVE-2018-1549

MEDIUM
CVSS:5.4(Medium)

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL t...

CWE-742018

CVE-2018-1896

MEDIUM
CVSS:5.4(Medium)

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.

CWE-742018