Cross site scripting

2020-12-1823:15:00

PRIOn knowledge base

www.prio-n.com

0.002 Low

EPSS

Percentile

51.6%

JSON

HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim’s web browser within the security context of the hosting Web site and/or steal the victim’s cookie-based authentication credentials.

CPENameOperatorVersion
hcl_inoteseq10.0.1 fixpack1
hcl_inoteseq10.0.1 fixpack2
hcl_inoteseq10.0.1 fixpack3
hcl_inoteseq10.0.1 fixpack4
hcl_inoteseq10.0.1 fixpack5
hcl_inotesge11.0.0
hcl_inoteslt11.0.1
hcl_inoteseq11.0.1 fixpack1
hcl_inoteseq11.0.1
hcl_inoteseq10.0.1

Name	Operator	Version
hcl_inotes	eq	10.0.1 fixpack1
hcl_inotes	eq	10.0.1 fixpack2
hcl_inotes	eq	10.0.1 fixpack3
hcl_inotes	eq	10.0.1 fixpack4
hcl_inotes	eq	10.0.1 fixpack5
hcl_inotes	ge	11.0.0
hcl_inotes	lt	11.0.1
hcl_inotes	eq	11.0.1 fixpack1
hcl_inotes	eq	11.0.1
hcl_inotes	eq	10.0.1

Rows per page:

1-10 of 121

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085892

0.002 Low

EPSS

Percentile

51.6%

JSON

Related for PRION:CVE-2020-14271