Stored Cross-Site Scripting Vulnerability in HCL iNotes
CVE-2020-14271

6.1MEDIUM

Key Information:

Vendor: HCL Software
Status: Hcl Inotes
Vendor: CVE Published:; 18 December 2020

Summary

HCL iNotes versions 9, 10, and 11 are affected by a Stored Cross-Site Scripting vulnerability resulting from improper management of message content. An attacker, without the need for authentication, can exploit this issue by crafting malicious markup. This exploit allows the attacker to execute scripts in the context of a victim's web browser while accessing the site, posing a risk of stealing cookie-based authentication credentials and compromising user privacy.

Affected Version(s)

HCL iNotes v9, v10, v11

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 18, 2020
Vulnerability Reserved
Jun 17, 2020