Cross-Site Scripting Vulnerability in HCL Notes by HCL Software
CVE-2026-9007
5.5MEDIUM
What is CVE-2026-9007?
A cross-site scripting (XSS) vulnerability in HCL Notes due to improper input neutralization during web page generation allows attackers to execute arbitrary JavaScript in the context of another user. This potential exploitation can lead to unauthorized actions being taken on behalf of users, exposing sensitive information and compromising user accounts.
Affected Version(s)
HCL Notes Release 12.0.2FP5HF8 on Linux 4.18.0-553.52.1.el8_10.x64_64#1
