CVE-2020-14271

Name of the Vulnerable Software and Affected Versions HCL iNotes versions 9 through 11

Description The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.

Recommendations For versions 9 through 11, consider disabling the handling of message content temporarily until a patch is available to prevent exploitation of the Stored Cross-Site Scripting (XSS) vulnerability. Restrict access to sensitive areas of the web application to minimize the risk of exploitation. Avoid using potentially vulnerable markup in message content until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.