Lucene search

[email protected]CVE-2020-14240

HistoryNov 05, 2020 - 5:15 p.m.

CVE-2020-14240

2020-11-0517:15:12

CWE-79

[email protected]

web.nvd.nist.gov

hcl notes

cve-2020-14240

stored xss

cross-site scripting

security vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

34.0%

JSON

HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim’s Web browser within the security context of the hosting Web site and/or steal the victim’s cookie-based authentication credentials.

Affected configurations

NVD

Node

hcltechnotesRange9.0–9.0.1

hcltechnotesRange10.0–10.0.1

hcltechnotesRange11.0–11.0.1

hcltechnotesMatch9.0.1fp10

hcltechnotesMatch9.0.1fp10if1

hcltechnotesMatch9.0.1fp10if2

hcltechnotesMatch9.0.1fp10if3

hcltechnotesMatch9.0.1fp10if4

hcltechnotesMatch9.0.1fp10if5

hcltechnotesMatch9.0.1fp10if6

hcltechnotesMatch9.0.1fp10if7

hcltechnotesMatch9.0.1fp1if1

hcltechnotesMatch9.0.1fp1if2

hcltechnotesMatch9.0.1fp2if1

hcltechnotesMatch9.0.1fp2if2

hcltechnotesMatch9.0.1fp2if3

hcltechnotesMatch9.0.1fp2if4

hcltechnotesMatch9.0.1fp3if1

hcltechnotesMatch9.0.1fp3if2

hcltechnotesMatch9.0.1fp3if3

hcltechnotesMatch9.0.1fp3if4

hcltechnotesMatch9.0.1fp4if1

hcltechnotesMatch9.0.1fp4if2

hcltechnotesMatch9.0.1fp5if1

hcltechnotesMatch9.0.1fp5if2

hcltechnotesMatch9.0.1fp5if3

hcltechnotesMatch9.0.1fp7if1

hcltechnotesMatch9.0.1fp7if2

hcltechnotesMatch9.0.1fp8if1

hcltechnotesMatch9.0.1fp9if1

hcltechnotesMatch9.0.1fp9if2

hcltechnotesMatch10.0.1fp1

hcltechnotesMatch10.0.1fp2

hcltechnotesMatch10.0.1fp3

hcltechnotesMatch10.0.1fp4

hcltechnotesMatch10.0.1fp5

CPENameOperatorVersion
hcltech:noteshcltech notesle9.0.1
hcltech:noteshcltech notesle10.0.1
hcltech:noteshcltech notesle11.0.1

CPE	Name	Operator	Version
hcltech:notes	hcltech notes	le	9.0.1
hcltech:notes	hcltech notes	le	10.0.1
hcltech:notes	hcltech notes	le	11.0.1

CNA Affected

[
  {
    "product": "HCL Notes",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0084789

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

34.0%

JSON

Related for CVE-2020-14240

nvd1 prion1 cvelist1