Lucene search

[email protected]NVD:CVE-2020-14271

HistoryDec 18, 2020 - 11:15 p.m.

CVE-2020-14271

2020-12-1823:15:13

CWE-79

[email protected]

web.nvd.nist.gov

hcl inotes

cross-site scripting

remote attacker

web browser

authentication credentials

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

51.5%

JSON

HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim’s web browser within the security context of the hosting Web site and/or steal the victim’s cookie-based authentication credentials.

Affected configurations

Nvd

Node

hcltechhcl_inotesRange9.0–10.0.1

hcltechhcl_inotesRange11.0.0–11.0.1

hcltechhcl_inotesMatch10.0.1-

hcltechhcl_inotesMatch10.0.1fixpack1

hcltechhcl_inotesMatch10.0.1fixpack2

hcltechhcl_inotesMatch10.0.1fixpack3

hcltechhcl_inotesMatch10.0.1fixpack4

hcltechhcl_inotesMatch10.0.1fixpack5

hcltechhcl_inotesMatch11.0.1-

hcltechhcl_inotesMatch11.0.1fixpack1

VendorProductVersionCPE
hcltechhcl_inotes*cpe:2.3:a:hcltech:hcl_inotes:*:*:*:*:*:*:*:*
hcltechhcl_inotes10.0.1cpe:2.3:a:hcltech:hcl_inotes:10.0.1:-:*:*:*:*:*:*
hcltechhcl_inotes10.0.1cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack1:*:*:*:*:*:*
hcltechhcl_inotes10.0.1cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack2:*:*:*:*:*:*
hcltechhcl_inotes10.0.1cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack3:*:*:*:*:*:*
hcltechhcl_inotes10.0.1cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack4:*:*:*:*:*:*
hcltechhcl_inotes10.0.1cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack5:*:*:*:*:*:*
hcltechhcl_inotes11.0.1cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-:*:*:*:*:*:*
hcltechhcl_inotes11.0.1cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack1:*:*:*:*:*:*

Vendor	Product	Version	CPE
hcltech	hcl_inotes	*	cpe:2.3:a:hcltech:hcl_inotes::::::::
hcltech	hcl_inotes	10.0.1	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:-::::::
hcltech	hcl_inotes	10.0.1	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack1::::::
hcltech	hcl_inotes	10.0.1	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack2::::::
hcltech	hcl_inotes	10.0.1	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack3::::::
hcltech	hcl_inotes	10.0.1	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack4::::::
hcltech	hcl_inotes	10.0.1	cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack5::::::
hcltech	hcl_inotes	11.0.1	cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-::::::
hcltech	hcl_inotes	11.0.1	cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack1::::::

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085892

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

51.5%

JSON

Related for NVD:CVE-2020-14271

prion1 cvelist1 cve1