8.3

CVE-2022-27546

HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials.

Data is provided by the National Vulnerability Database (NVD)
HcltechHcl Inotes Version9.0.1 Update-
HcltechHcl Inotes Version9.0.1 Updatefixpack_10
HcltechHcl Inotes Version9.0.1 Updatefixpack_3
HcltechHcl Inotes Version9.0.1 Updatefixpack_4
HcltechHcl Inotes Version9.0.1 Updatefixpack_5
HcltechHcl Inotes Version9.0.1 Updatefixpack_6
HcltechHcl Inotes Version9.0.1 Updatefixpack_7
HcltechHcl Inotes Version9.0.1 Updatefixpack_8
HcltechHcl Inotes Version9.0.1 Updatefixpack_9
HcltechHcl Inotes Version10.0
HcltechHcl Inotes Version10.0.1 Update-
HcltechHcl Inotes Version10.0.1 Updatefixpack_1
HcltechHcl Inotes Version10.0.1 Updatefixpack_2
HcltechHcl Inotes Version10.0.1 Updatefixpack_3
HcltechHcl Inotes Version10.0.1 Updatefixpack_4
HcltechHcl Inotes Version10.0.1 Updatefixpack_5
HcltechHcl Inotes Version10.0.1 Updatefixpack_6
HcltechHcl Inotes Version10.0.1 Updatefixpack_7
HcltechHcl Inotes Version10.0.1 Updatefixpack_8
HcltechHcl Inotes Version11.0
HcltechHcl Inotes Version11.0.1 Update-
HcltechHcl Inotes Version11.0.1 Updatefixpack_1
HcltechHcl Inotes Version11.0.1 Updatefixpack_2
HcltechHcl Inotes Version11.0.1 Updatefixpack_3
HcltechHcl Inotes Version11.0.1 Updatefixpack_4
HcltechHcl Inotes Version11.0.1 Updatefixpack_5
HcltechHcl Inotes Version12.0
HcltechHcl Inotes Version12.0.1 Update-
HcltechHcl Inotes Version12.0.1 Updatefixpack_1
HcltechDomino Version9.0
HcltechDomino Version9.0.1 Update-
HcltechDomino Version9.0.1 Updatefixpack_10
HcltechDomino Version9.0.1 Updatefixpack_3
HcltechDomino Version9.0.1 Updatefixpack_4
HcltechDomino Version9.0.1 Updatefixpack_5
HcltechDomino Version9.0.1 Updatefixpack_6
HcltechDomino Version9.0.1 Updatefixpack_7
HcltechDomino Version9.0.1 Updatefixpack_8
HcltechDomino Version9.0.1 Updatefixpack_9
HcltechDomino Version10.0
HcltechDomino Version10.0.1 Update-
HcltechDomino Version10.0.1 Updatefixpack_1
HcltechDomino Version10.0.1 Updatefixpack_2
HcltechDomino Version10.0.1 Updatefixpack_3
HcltechDomino Version10.0.1 Updatefixpack_4
HcltechDomino Version10.0.1 Updatefixpack_5
HcltechDomino Version10.0.1 Updatefixpack_6
HcltechDomino Version10.0.1 Updatefixpack_7
HcltechDomino Version10.0.1 Updatefixpack_8
HcltechDomino Version11.0
HcltechDomino Version11.0.1 Update-
HcltechDomino Version11.0.1 Updatefixpack_1
HcltechDomino Version11.0.1 Updatefixpack_2
HcltechDomino Version11.0.1 Updatefixpack_3
HcltechDomino Version11.0.1 Updatefixpack_4
HcltechDomino Version11.0.1 Updatefixpack_5
HcltechDomino Version12.0
HcltechDomino Version12.0.1 Update-
HcltechDomino Version12.0.1 Updatefixpack_1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.31% 0.532
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
psirt@hcl.com 8.3 2.8 5.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.