Stored Cross-Site Scripting Vulnerability in HCL iNotes
CVE-2020-14271

6.1MEDIUM

Key Information:

Vendor
CVE Published:
18 December 2020

Summary

HCL iNotes versions 9, 10, and 11 are affected by a Stored Cross-Site Scripting vulnerability resulting from improper management of message content. An attacker, without the need for authentication, can exploit this issue by crafting malicious markup. This exploit allows the attacker to execute scripts in the context of a victim's web browser while accessing the site, posing a risk of stealing cookie-based authentication credentials and compromising user privacy.

Affected Version(s)

HCL iNotes v9, v10, v11

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.