CVE-2022-27546

HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials.
Cross-site Scripting
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 8.3 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L |
| HCL | CNA | 8.3 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L |
| CVE | ADP | --- | | | | --- |
EPSS Score Percentile: 20%
| Vendor | Product | Version |
|---|---|---|
| hcltech | hcl_inotes | 9.0.1 |
| hcltech | hcl_inotes | 9.0.1:fixpack_10 |
| hcltech | hcl_inotes | 9.0.1:fixpack_3 |
| hcltech | hcl_inotes | 9.0.1:fixpack_4 |
| hcltech | hcl_inotes | 9.0.1:fixpack_5 |
| hcltech | hcl_inotes | 9.0.1:fixpack_6 |
| hcltech | hcl_inotes | 9.0.1:fixpack_7 |
| hcltech | hcl_inotes | 9.0.1:fixpack_8 |
| hcltech | hcl_inotes | 9.0.1:fixpack_9 |
| hcltech | hcl_inotes | 10.0 |
| hcltech | hcl_inotes | 10.0.1 |
| hcltech | hcl_inotes | 10.0.1:fixpack_1 |
| hcltech | hcl_inotes | 10.0.1:fixpack_2 |
| hcltech | hcl_inotes | 10.0.1:fixpack_3 |
| hcltech | hcl_inotes | 10.0.1:fixpack_4 |
| hcltech | hcl_inotes | 10.0.1:fixpack_5 |
| hcltech | hcl_inotes | 10.0.1:fixpack_6 |
| hcltech | hcl_inotes | 10.0.1:fixpack_7 |
| hcltech | hcl_inotes | 10.0.1:fixpack_8 |
| hcltech | hcl_inotes | 11.0 |
| hcltech | hcl_inotes | 11.0.1 |
| hcltech | hcl_inotes | 11.0.1:fixpack_1 |
| hcltech | hcl_inotes | 11.0.1:fixpack_2 |
| hcltech | hcl_inotes | 11.0.1:fixpack_3 |
| hcltech | hcl_inotes | 11.0.1:fixpack_4 |
| hcltech | hcl_inotes | 11.0.1:fixpack_5 |
| hcltech | hcl_inotes | 12.0 |
| hcltech | hcl_inotes | 12.0.1 |
| hcltech | hcl_inotes | 12.0.1:fixpack_1 |
| hcltech | domino | 9.0 |
| hcltech | domino | 9.0.1 |
| hcltech | domino | 9.0.1:fixpack_10 |
| hcltech | domino | 9.0.1:fixpack_3 |
| hcltech | domino | 9.0.1:fixpack_4 |
| hcltech | domino | 9.0.1:fixpack_5 |
| hcltech | domino | 9.0.1:fixpack_6 |
| hcltech | domino | 9.0.1:fixpack_7 |
| hcltech | domino | 9.0.1:fixpack_8 |
| hcltech | domino | 9.0.1:fixpack_9 |
| hcltech | domino | 10.0 |
| hcltech | domino | 10.0.1 |
| hcltech | domino | 10.0.1:fixpack_1 |
| hcltech | domino | 10.0.1:fixpack_2 |
| hcltech | domino | 10.0.1:fixpack_3 |
| hcltech | domino | 10.0.1:fixpack_4 |
| hcltech | domino | 10.0.1:fixpack_5 |
| hcltech | domino | 10.0.1:fixpack_6 |
| hcltech | domino | 10.0.1:fixpack_7 |
| hcltech | domino | 10.0.1:fixpack_8 |
| hcltech | domino | 11.0 |
| hcltech | domino | 11.0.1 |
| hcltech | domino | 11.0.1:fixpack_1 |
| hcltech | domino | 11.0.1:fixpack_2 |
| hcltech | domino | 11.0.1:fixpack_3 |
| hcltech | domino | 11.0.1:fixpack_4 |
| hcltech | domino | 11.0.1:fixpack_5 |
| hcltech | domino | 12.0 |
| hcltech | domino | 12.0.1 |
| hcltech | domino | 12.0.1:fixpack_1 |

𝑥 = Vulnerable software versions