PT-2020-13949 · Hcl · Hcl Notes

Published

2020-11-05

Updated

2020-11-19

CVE-2020-14240

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions HCL Notes versions prior to 9.0.1 FP10 IF8 HCL Notes versions prior to 10.0.1 FP6 HCL Notes versions prior to 11.0.1 FP1

Description The issue is a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.

Recommendations For versions prior to 9.0.1 FP10 IF8, update to 9.0.1 FP10 IF8 or later. For versions prior to 10.0.1 FP6, update to 10.0.1 FP6 or later. For versions prior to 11.0.1 FP1, update to 11.0.1 FP1 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-14240

Affected Products

Hcl Notes

PT-2020-13949 · Hcl · Hcl Notes

CVE-2020-14240

Weakness Enumeration

Related Identifiers

Affected Products

References · 5