Lucene search

HCLCVE-2022-27546

HistoryAug 29, 2022 - 4:15 p.m.

CVE-2022-27546

2022-08-2916:15:08

CWE-79

HCL

web.nvd.nist.gov

hcl inotes

reflected xss

cve-2022-27546

security vulnerability

nvd

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

EPSS

0.001

Percentile

42.6%

JSON

HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s web browser within the security context of the hosting web site and/or steal the victim’s cookie-based authentication credentials.

Affected configurations

Nvd

Node

hcltechhcl_inotesMatch9.0.1-

hcltechhcl_inotesMatch9.0.1fixpack_10

hcltechhcl_inotesMatch9.0.1fixpack_3

hcltechhcl_inotesMatch9.0.1fixpack_4

hcltechhcl_inotesMatch9.0.1fixpack_5

hcltechhcl_inotesMatch9.0.1fixpack_6

hcltechhcl_inotesMatch9.0.1fixpack_7

hcltechhcl_inotesMatch9.0.1fixpack_8

hcltechhcl_inotesMatch9.0.1fixpack_9

hcltechhcl_inotesMatch10.0

hcltechhcl_inotesMatch10.0.1-

hcltechhcl_inotesMatch10.0.1fixpack_1

hcltechhcl_inotesMatch10.0.1fixpack_2

hcltechhcl_inotesMatch10.0.1fixpack_3

hcltechhcl_inotesMatch10.0.1fixpack_4

hcltechhcl_inotesMatch10.0.1fixpack_5

hcltechhcl_inotesMatch10.0.1fixpack_6

hcltechhcl_inotesMatch10.0.1fixpack_7

hcltechhcl_inotesMatch10.0.1fixpack_8

hcltechhcl_inotesMatch11.0

hcltechhcl_inotesMatch11.0.1-

hcltechhcl_inotesMatch11.0.1fixpack_1

hcltechhcl_inotesMatch11.0.1fixpack_2

hcltechhcl_inotesMatch11.0.1fixpack_3

hcltechhcl_inotesMatch11.0.1fixpack_4

hcltechhcl_inotesMatch11.0.1fixpack_5

hcltechhcl_inotesMatch12.0

hcltechhcl_inotesMatch12.0.1-

hcltechhcl_inotesMatch12.0.1fixpack_1

Node

hcltechdominoMatch9.0

hcltechdominoMatch9.0.1-

hcltechdominoMatch9.0.1fixpack_10

hcltechdominoMatch9.0.1fixpack_3

hcltechdominoMatch9.0.1fixpack_4

hcltechdominoMatch9.0.1fixpack_5

hcltechdominoMatch9.0.1fixpack_6

hcltechdominoMatch9.0.1fixpack_7

hcltechdominoMatch9.0.1fixpack_8

hcltechdominoMatch9.0.1fixpack_9

hcltechdominoMatch10.0

hcltechdominoMatch10.0.1-

hcltechdominoMatch10.0.1fixpack_1

hcltechdominoMatch10.0.1fixpack_2

hcltechdominoMatch10.0.1fixpack_3

hcltechdominoMatch10.0.1fixpack_4

hcltechdominoMatch10.0.1fixpack_5

hcltechdominoMatch10.0.1fixpack_6

hcltechdominoMatch10.0.1fixpack_7

hcltechdominoMatch10.0.1fixpack_8

hcltechdominoMatch11.0

hcltechdominoMatch11.0.1-

hcltechdominoMatch11.0.1fixpack_1

hcltechdominoMatch11.0.1fixpack_2

hcltechdominoMatch11.0.1fixpack_3

hcltechdominoMatch11.0.1fixpack_4

hcltechdominoMatch11.0.1fixpack_5

hcltechdominoMatch12.0

hcltechdominoMatch12.0.1-

hcltechdominoMatch12.0.1fixpack_1

VendorProductVersionCPE
hcltechhcl_inotes9.0.1cpe:2.3:a:hcltech:hcl_inotes:9.0.1:-:*:*:*:*:*:*
hcltechhcl_inotes9.0.1cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_10:*:*:*:*:*:*
hcltechhcl_inotes9.0.1cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_3:*:*:*:*:*:*
hcltechhcl_inotes9.0.1cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_4:*:*:*:*:*:*
hcltechhcl_inotes9.0.1cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_5:*:*:*:*:*:*
hcltechhcl_inotes9.0.1cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_6:*:*:*:*:*:*
hcltechhcl_inotes9.0.1cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_7:*:*:*:*:*:*
hcltechhcl_inotes9.0.1cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_8:*:*:*:*:*:*
hcltechhcl_inotes9.0.1cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_9:*:*:*:*:*:*
hcltechhcl_inotes10.0cpe:2.3:a:hcltech:hcl_inotes:10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hcltech	hcl_inotes	9.0.1	cpe:2.3:a:hcltech:hcl_inotes:9.0.1:-::::::
hcltech	hcl_inotes	9.0.1	cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_10::::::
hcltech	hcl_inotes	9.0.1	cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_3::::::
hcltech	hcl_inotes	9.0.1	cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_4::::::
hcltech	hcl_inotes	9.0.1	cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_5::::::
hcltech	hcl_inotes	9.0.1	cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_6::::::
hcltech	hcl_inotes	9.0.1	cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_7::::::
hcltech	hcl_inotes	9.0.1	cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_8::::::
hcltech	hcl_inotes	9.0.1	cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_9::::::
hcltech	hcl_inotes	10.0	cpe:2.3:a:hcltech:hcl_inotes:10.0:::::::*

Rows per page:

1-10 of 591

CNA Affected

[
  {
    "product": "HCL iNotes",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "9, 10, 11, 12"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100216

Social References

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

EPSS

0.001

Percentile

42.6%

JSON

Related for CVE-2022-27546