355 matches found
Spoofing
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking...
Cross site scripting
HCL iNotes is susceptible to a Reflected Cross-site Scripting XSS vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser with...
Default credentials
HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc...
CVE-2022-27558
CVE-2022-27558 concerns HCL iNotes with a broken Password Strength Check, where custom password policies are not enforced on certain iNotes forms. The root cause, as described, is that password strength/policy enforcement may be bypassed, allowing users to set weak passwords and potentially enabl...
CVE-2022-27558 HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability.
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking...
CVE-2022-27547
CVE-2022-27547 affects HCL iNotes (linked through non-existent domains) enabling an attacker to trick users into revealing sensitive information (e.g., credentials, payment data). The connected sources corroborate a domain-link-based abuse and cite iNotes/Domino as the impacted software, with no ...
CVE-2022-27547 HCL iNotes is susceptible to a link to non-existent domain vulnerability.
HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc...
CVE-2022-27546 HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability
HCL iNotes is susceptible to a Reflected Cross-site Scripting XSS vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser with...
CVE-2022-27546
CVE-2022-27546 affects HCL iNotes with a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input in a form POST request. A remote attacker could lure a victim to a specially-crafted URL to run script in the site’s context and potentially steal cooki...
PT-2022-18482 · Hcl · Hcl Notes
Name of the Vulnerable Software and Affected Versions: HCL iNotes affected versions not specified Description: The issue concerns a Broken Password Strength Checks problem. Custom password policies are not enforced on certain iNotes forms, which could allow users to set weak passwords. This...
PT-2022-18477 · Hcl · Hcl Notes
Name of the Vulnerable Software and Affected Versions: HCL iNotes affected versions not specified Description: The issue is caused by improper validation of user-supplied input in a form POST request, leading to a Reflected Cross-site Scripting XSS vulnerability. A remote attacker could exploit...
PT-2022-18478 · Hcl · Hcl Notes
Name of the Vulnerable Software and Affected Versions: HCL iNotes affected versions not specified Description: The issue allows an attacker to trick a user into supplying sensitive information, such as username, password, or credit card numbers, by exploiting a link to a non-existent domain...
HCL Technologies HCL Domino 输入验证错误漏洞
HCL Technologies HCL Domino is a software application from HCL Technologies, India. It provides a platform for application development. A security vulnerability exists in HCL Domino, which can be exploited by an attacker to bypass access restrictions on HCL Domino data iNotes, by linking through...
HCL Technologies HCL Domino 安全漏洞
HCL Technologies HCL Domino is a software application from HCL Technologies, India. It provides a platform for application development. A security vulnerability exists in HCL Domino, which can be exploited by an attacker to bypass the restrictions of HCL Domino | iNotes and pass the password...
CVE-2022-27558
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking...
CVE-2022-27546
HCL iNotes is susceptible to a Reflected Cross-site Scripting XSS vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser with...
CVE-2022-27547
HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc...
HCL iNotes Tag Phishing Vulnerability
HCL iNotes is a browsing client for accessing HCLDomino mail, contacts, calendar, scheduling and collaboration features. A label phishing vulnerability exists in HCL iNotes. The vulnerability stems from improper validation of email content. A remote, unauthenticated attacker could exploit the...
CVE-2020-14225
HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack...
Spoofing
HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack...