Vulnerability Details CVE-2020-14271
HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2020-14271
-
cpe:2.3:a:hcltech:hcl_inotes:10.0
-
cpe:2.3:a:hcltech:hcl_inotes:10.0.1
-
cpe:2.3:a:hcltech:hcl_inotes:11.0.0
-
cpe:2.3:a:hcltech:hcl_inotes:11.0.1
-
cpe:2.3:a:hcltech:hcl_inotes:9.0.1