Reflected XSS Vulnerability in HCL iNotes
CVE-2025-0248

8.1HIGH

Key Information:

Vendor: HCL Software Software
Status: Inotes
Vendor: CVE Published:; 25 November 2025

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2025-0248?

HCL iNotes is vulnerable to a Reflected Cross-site Scripting (XSS) flaw due to insufficient validation of user-input data. This allows remote attackers to craft malicious URLs that can execute arbitrary scripts in the web browsers of unsuspecting users. Exploiting this vulnerability may enable attackers to steal cookie-based authentication credentials, compromising user sessions and potentially leading to further attacks within the security context of the affected site.

Affected Version(s)

iNotes <12.0.2 FP6, <14.0 FP4

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 25, 2025
Vulnerability Reserved
Jan 6, 2025

JSON