CVE-2024-21838 Information

Description

Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre.

This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2) 8.90 prior to vEL8.90.1751 (MR3) 8.80 prior to vEL8.80.1526 (MR4) 8.70 prior to vEL8.70.2526 (MR6)  all version of 8.60 and prior.

Reference

https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838