Vulnerability Details CVE-2022-27546
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.7%
CVSS Severity
CVSS v3 Score 8.3
References
Products affected by CVE-2022-27546
-
cpe:2.3:a:hcltech:domino:10.0
-
cpe:2.3:a:hcltech:domino:10.0.1
-
cpe:2.3:a:hcltech:domino:11.0
-
cpe:2.3:a:hcltech:domino:11.0.1
-
cpe:2.3:a:hcltech:domino:12.0
-
cpe:2.3:a:hcltech:domino:12.0.1
-
cpe:2.3:a:hcltech:domino:9.0
-
cpe:2.3:a:hcltech:domino:9.0.1
-
cpe:2.3:a:hcltech:hcl_inotes:10.0
-
cpe:2.3:a:hcltech:hcl_inotes:10.0.1
-
cpe:2.3:a:hcltech:hcl_inotes:11.0
-
cpe:2.3:a:hcltech:hcl_inotes:11.0.1
-
cpe:2.3:a:hcltech:hcl_inotes:12.0
-
cpe:2.3:a:hcltech:hcl_inotes:12.0.1
-
cpe:2.3:a:hcltech:hcl_inotes:9.0.1