Cross-Site Scripting Vulnerability in HCL iNotes
CVE-2017-1659
6.1MEDIUM
Summary
HCL iNotes has a vulnerability that allows for Cross-Site Scripting (XSS) attacks. This vulnerability could be exploited by an attacker to inject malicious scripts into web pages viewed by users. By leveraging this flaw, the attacker can interact with users' sessions and potentially capture sensitive cookie-based authentication credentials, leading to unauthorized access to user accounts.
Affected Version(s)
"HCL iNotes" "Releases previous to version 9.0.1 FP10 are impacted by this vulnerability. Versions 10 and above are not impacted."
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved