Cross-Site Scripting Vulnerability in HCL iNotes
CVE-2017-1659

6.1MEDIUM

Key Information:

Vendor: IBM
Status: "hcl Inotes"
Vendor: CVE Published:; 1 July 2020

Summary

HCL iNotes has a vulnerability that allows for Cross-Site Scripting (XSS) attacks. This vulnerability could be exploited by an attacker to inject malicious scripts into web pages viewed by users. By leveraging this flaw, the attacker can interact with users' sessions and potentially capture sensitive cookie-based authentication credentials, leading to unauthorized access to user accounts.

Affected Version(s)

"HCL iNotes" "Releases previous to version 9.0.1 FP10 are impacted by this vulnerability. Versions 10 and above are not impacted."

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 1, 2020
Vulnerability Reserved
Nov 30, 2016