CVE-2024-21838

MEDIUM

Gallagher Command Centre < 8.60 - HTML Injection in Email Generation Feature


Description

Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all versions of 8.60 and prior.

Scores

CVSS v3 6.8
EPSS 0.0030
EPSS Percentile 22.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-74 CWE-79
Status published
Products (1)
gallagher/command_centre < 8.60
Published Mar 05, 2024
Tracked Since Feb 18, 2026