{"containers": {"cna": {"affected": [{"product": "HCL iNotes", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "9, 10, 11, 12"}]}], "datePublic": "2022-08-24T00:00:00", "descriptions": [{"lang": "en", "value": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-29T16:00:24", "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100216"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@hcl.com", "DATE_PUBLIC": "2022-08-24T20:18:00.000Z", "ID": "CVE-2022-27546", "STATE": "PUBLIC", "TITLE": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HCL iNotes", "version": {"version_data": [{"version_value": "9, 10, 11, 12"}]}}]}, "vendor_name": "HCL Software"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100216", "refsource": "MISC", "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100216"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:32:59.932Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100216"}]}]}, "cveMetadata": {"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "assignerShortName": "HCL", "cveId": "CVE-2022-27546", "datePublished": "2022-08-29T16:00:24.786067Z", "dateReserved": "2022-03-21T00:00:00", "dateUpdated": "2024-09-17T03:39:06.738Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "208ABCA3-9B6B-4EEB-82AB-63E51B0694C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_10:*:*:*:*:*:*", "matchCriteriaId": "EF0007DB-2AC2-481C-AE80-520BF47182D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_3:*:*:*:*:*:*", "matchCriteriaId": "17D094C3-FBE2-4890-87AE-F1DB22564B53", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_4:*:*:*:*:*:*", "matchCriteriaId": "ABED4B62-2D70-4693-8195-639D9E013AAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_5:*:*:*:*:*:*", "matchCriteriaId": "FB3D516A-593C-42E8-A9BC-0F7FEF17CD6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_6:*:*:*:*:*:*", "matchCriteriaId": "3432DA33-2147-47B9-9F8E-4CD12AF73B76", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_7:*:*:*:*:*:*", "matchCriteriaId": "D8436BBE-224D-4E6A-B8D1-C778749B7EA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_8:*:*:*:*:*:*", "matchCriteriaId": "4775916C-8806-41FD-9B82-D6D0163BB0F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:9.0.1:fixpack_9:*:*:*:*:*:*", "matchCriteriaId": "A952F356-3A08-4A19-B716-03A7CD46C68E", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "028F0C13-A975-4DAE-B578-40AFA7FABEE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "6DB5111E-B70F-475F-A23D-DF08FD1AB97E", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_1:*:*:*:*:*:*", "matchCriteriaId": "C1D927FD-BD55-4FD4-9212-C8108B69D7ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_2:*:*:*:*:*:*", "matchCriteriaId": "1D8203EA-5986-47EB-AB05-EFE068C3B34C", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_3:*:*:*:*:*:*", "matchCriteriaId": "BACEE95B-6B63-4734-97A9-2CAEEFA01187", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_4:*:*:*:*:*:*", "matchCriteriaId": "7240C49C-F627-4C24-BF8D-35D9E32CA7EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_5:*:*:*:*:*:*", "matchCriteriaId": "A030CB7F-B219-4497-8A87-46BA5A2038F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_6:*:*:*:*:*:*", "matchCriteriaId": "2CBADD58-2E61-48D0-A1B8-1C725FCD907D", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_7:*:*:*:*:*:*", "matchCriteriaId": "18A495DC-905C-4421-A6FE-EF6655098DA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:10.0.1:fixpack_8:*:*:*:*:*:*", "matchCriteriaId": "BD32C7F1-9B97-47DF-A09C-766DC5D58164", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "BECB00A0-AD89-4E44-B758-45AA5C596018", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "2433DEDD-8650-4B01-85B9-92F5D1446030", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_1:*:*:*:*:*:*", "matchCriteriaId": "054C377C-7B4E-4825-B567-D85232EEDF09", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_2:*:*:*:*:*:*", "matchCriteriaId": "C1BFC253-23A1-42BE-A786-12D8A51862F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_3:*:*:*:*:*:*", "matchCriteriaId": "85C8610A-7365-4B3C-AACD-932A9EEF3F75", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_4:*:*:*:*:*:*", "matchCriteriaId": "1BDDC0D0-D7C2-4487-AEB1-39B40DAC68CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:11.0.1:fixpack_5:*:*:*:*:*:*", "matchCriteriaId": "00BC19F7-8098-43D4-97C3-8CA1A63A94B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B897EE8-EFCD-4D1C-9B83-96BDB596DF52", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "9CD07D2A-E283-48C8-B110-95D656CF953A", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_inotes:12.0.1:fixpack_1:*:*:*:*:*:*", "matchCriteriaId": "3AF3FF6F-3E3F-44D5-9B8F-E0784A5B376F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:domino:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F1C7C9C-2F6E-4A82-BC16-B04E53B11E20", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "4E0BF886-B732-4210-82AA-4D2B3F77132B", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_10:*:*:*:*:*:*", "matchCriteriaId": "866FCD8A-56FE-4D00-A9F6-F83D3400CF91", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_3:*:*:*:*:*:*", "matchCriteriaId": "9F8486D8-494D-45B0-8447-F1EDB8C2F8A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_4:*:*:*:*:*:*", "matchCriteriaId": "19CC1B88-ED3D-4AD0-8B06-C75D198E1BB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_5:*:*:*:*:*:*", "matchCriteriaId": "C76546DF-A75A-489C-80D8-D1372F2FF586", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_6:*:*:*:*:*:*", "matchCriteriaId": "C49C0CA8-485E-4748-A5D5-C3B5FF98381E", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_7:*:*:*:*:*:*", "matchCriteriaId": "2C1D2585-833B-4A5A-AAF3-3215C52FE73A", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_8:*:*:*:*:*:*", "matchCriteriaId": "AAAE216E-780B-48A7-89D9-6FB8E799B78C", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:9.0.1:fixpack_9:*:*:*:*:*:*", "matchCriteriaId": "A44BBF13-7FCF-4CD9-8EA7-C20CA701B8BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "908469B9-3B65-400D-A043-6B907B6151EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "EC5EB2B8-9B48-4E9B-9726-71E4A6CCFA99", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_1:*:*:*:*:*:*", "matchCriteriaId": "D81AF106-7E8D-4B32-8F63-BD361E2E9508", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_2:*:*:*:*:*:*", "matchCriteriaId": "67E40E37-09A5-4BBD-9602-3B72B9A3885F", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_3:*:*:*:*:*:*", "matchCriteriaId": "656627F5-4DE4-41FE-9A6E-34D45C6B2639", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_4:*:*:*:*:*:*", "matchCriteriaId": "37E5C137-6124-4543-83BC-12BE6BB20309", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_5:*:*:*:*:*:*", "matchCriteriaId": "0F7DE084-A236-4ED8-B8A9-EBE2D0ACF580", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_6:*:*:*:*:*:*", "matchCriteriaId": "907DF79A-A607-4F3A-9C7E-1FB028B34001", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_7:*:*:*:*:*:*", "matchCriteriaId": "9EA72598-85D1-4341-A865-1E6E278F4185", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:10.0.1:fixpack_8:*:*:*:*:*:*", "matchCriteriaId": "0CC3C391-12CB-4DDB-B33E-A2020A738EA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F7B561B-79F9-45E1-901F-B0976DD7C9AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "6D792E4C-170B-4E6E-8808-EFDB3DF42417", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_1:*:*:*:*:*:*", "matchCriteriaId": "479BE6F6-9947-4261-8685-E6357ED90CD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_2:*:*:*:*:*:*", "matchCriteriaId": "C63BD98F-1ADD-494D-B05A-45B86351F0D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_3:*:*:*:*:*:*", "matchCriteriaId": "51F750D7-3CE2-48CA-8D13-006E9CA3E383", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_4:*:*:*:*:*:*", "matchCriteriaId": "93202EFB-89DD-49B1-9E29-77145F6A43F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:11.0.1:fixpack_5:*:*:*:*:*:*", "matchCriteriaId": "B65E88C8-173C-40BE-87A3-E3512EBB7C9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "09FF8200-5500-420F-93DF-7F7708E76300", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "1A3A3354-D9B3-43CA-8BB1-D9F3E73FD6F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:domino:12.0.1:fixpack_1:*:*:*:*:*:*", "matchCriteriaId": "1841C21B-AA17-403F-B054-8C1FF8208173", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials."}, {"lang": "es", "value": "HCL iNotes es susceptible de sufrir una vulnerabilidad de tipo Cross-site Scripting (XSS) Reflejado causada por una comprobaci\u00f3n inapropiada de la entrada suministrada por el usuario con una petici\u00f3n de formulario POST. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad usando una URL especialmente dise\u00f1ada para ejecutar un script en el navegador web de la v\u00edctima dentro del contexto de seguridad del sitio web anfitri\u00f3n y/o robar las credenciales de autenticaci\u00f3n basadas en cookies de la v\u00edctima"}], "id": "CVE-2022-27546", "lastModified": "2022-09-01T20:53:22.973", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2022-08-29T16:15:08.443", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100216"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "psirt@hcl.com", "type": "Secondary"}]}

{}