Cross-Site Scripting Vulnerability in HCL Notes by HCL Software
CVE-2026-9007

5.5MEDIUM

Key Information:

Vendor
CVE Published:
15 July 2026

What is CVE-2026-9007?

A cross-site scripting (XSS) vulnerability in HCL Notes due to improper input neutralization during web page generation allows attackers to execute arbitrary JavaScript in the context of another user. This potential exploitation can lead to unauthorized actions being taken on behalf of users, exposing sensitive information and compromising user accounts.

Affected Version(s)

HCL Notes Release 12.0.2FP5HF8 on Linux 4.18.0-553.52.1.el8_10.x64_64#1

References

CVSS V4

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Julien BLOMMAERT
.