CVE-2025-0248

Name of the Vulnerable Software and Affected Versions HCL iNotes (affected versions not specified)

Description HCL iNotes is affected by a Reflected Cross-site Scripting (XSS) issue due to insufficient validation of user-provided input. An unauthenticated attacker can create a malicious URL that, when accessed by a victim, allows for the execution of scripts within the victim’s browser, potentially leading to the theft of cookie-based authentication credentials.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.