CVE-2020-14271

Summary

HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.

Affected Software

VendorProductVersion RangeStatus
n/aHCL iNotesv9, v10, v11affected

Weaknesses

  • Cross-site scripting

ADP Enrichment

CVE Program Container

Additional References

References