CVE-2022-27546

HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials.

Published: Aug 29, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-27546
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
hcltech / hcl_inotes	11.0.1	11.0.1.x
hcltech / hcl_inotes	10.0.1	10.0.1.x
hcltech / hcl_inotes	9.0.1-fixpack_7	9.0.1-fixpack_7.x
hcltech / hcl_inotes	9.0.1-fixpack_8	9.0.1-fixpack_8.x
hcltech / hcl_inotes	9.0.1-fixpack_9	9.0.1-fixpack_9.x
hcltech / hcl_inotes	10.0	10.0.x
hcltech / hcl_inotes	10.0.1-fixpack_1	10.0.1-fixpack_1.x
hcltech / hcl_inotes	10.0.1-fixpack_2	10.0.1-fixpack_2.x
hcltech / hcl_inotes	10.0.1-fixpack_3	10.0.1-fixpack_3.x
hcltech / hcl_inotes	10.0.1-fixpack_4	10.0.1-fixpack_4.x
hcltech / hcl_inotes	10.0.1-fixpack_5	10.0.1-fixpack_5.x
hcltech / hcl_inotes	10.0.1-fixpack_6	10.0.1-fixpack_6.x
hcltech / hcl_inotes	10.0.1-fixpack_7	10.0.1-fixpack_7.x
hcltech / hcl_inotes	10.0.1-fixpack_8	10.0.1-fixpack_8.x
hcltech / hcl_inotes	11.0	11.0.x
hcltech / hcl_inotes	11.0.1-fixpack_1	11.0.1-fixpack_1.x
hcltech / hcl_inotes	11.0.1-fixpack_2	11.0.1-fixpack_2.x
hcltech / hcl_inotes	11.0.1-fixpack_3	11.0.1-fixpack_3.x
hcltech / hcl_inotes	11.0.1-fixpack_4	11.0.1-fixpack_4.x
hcltech / hcl_inotes	11.0.1-fixpack_5	11.0.1-fixpack_5.x
hcltech / hcl_inotes	12.0	12.0.x
hcltech / hcl_inotes	12.0.1	12.0.1.x
hcltech / hcl_inotes	12.0.1-fixpack_1	12.0.1-fixpack_1.x
hcltech / hcl_inotes	9.0.1-fixpack_6	9.0.1-fixpack_6.x
hcltech / hcl_inotes	9.0.1-fixpack_5	9.0.1-fixpack_5.x
hcltech / hcl_inotes	9.0.1-fixpack_4	9.0.1-fixpack_4.x
hcltech / hcl_inotes	9.0.1-fixpack_3	9.0.1-fixpack_3.x
hcltech / hcl_inotes	9.0.1-fixpack_10	9.0.1-fixpack_10.x
hcltech / hcl_inotes	9.0.1	9.0.1.x
hcltech / domino	10.0.1	10.0.1.x
hcltech / domino	9.0.1	9.0.1.x
hcltech / domino	11.0	11.0.x
hcltech / domino	11.0.1	11.0.1.x
hcltech / domino	9.0	9.0.x
hcltech / domino	10.0	10.0.x
hcltech / domino	9.0.1-fixpack_10	9.0.1-fixpack_10.x
hcltech / domino	9.0.1-fixpack_3	9.0.1-fixpack_3.x
hcltech / domino	9.0.1-fixpack_4	9.0.1-fixpack_4.x
hcltech / domino	9.0.1-fixpack_5	9.0.1-fixpack_5.x
hcltech / domino	9.0.1-fixpack_6	9.0.1-fixpack_6.x
hcltech / domino	9.0.1-fixpack_7	9.0.1-fixpack_7.x
hcltech / domino	9.0.1-fixpack_8	9.0.1-fixpack_8.x
hcltech / domino	9.0.1-fixpack_9	9.0.1-fixpack_9.x
hcltech / domino	10.0.1-fixpack_1	10.0.1-fixpack_1.x
hcltech / domino	10.0.1-fixpack_2	10.0.1-fixpack_2.x
hcltech / domino	10.0.1-fixpack_3	10.0.1-fixpack_3.x
hcltech / domino	10.0.1-fixpack_4	10.0.1-fixpack_4.x
hcltech / domino	10.0.1-fixpack_5	10.0.1-fixpack_5.x
hcltech / domino	10.0.1-fixpack_6	10.0.1-fixpack_6.x
hcltech / domino	10.0.1-fixpack_7	10.0.1-fixpack_7.x
hcltech / domino	10.0.1-fixpack_8	10.0.1-fixpack_8.x
hcltech / domino	11.0.1-fixpack_1	11.0.1-fixpack_1.x
hcltech / domino	11.0.1-fixpack_2	11.0.1-fixpack_2.x
hcltech / domino	11.0.1-fixpack_3	11.0.1-fixpack_3.x
hcltech / domino	11.0.1-fixpack_4	11.0.1-fixpack_4.x
hcltech / domino	11.0.1-fixpack_5	11.0.1-fixpack_5.x
hcltech / domino	12.0	12.0.x
hcltech / domino	12.0.1	12.0.1.x
hcltech / domino	12.0.1-fixpack_1	12.0.1-fixpack_1.x

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100216

Vulnerability Database

289,784

CVE-2022-27546