cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-27546,https://securityvulnerability.io/vulnerability/CVE-2022-27546,HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability,HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials.,Hcl Software,Hcl Inotes,8.3,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-08-29T16:15:00.000Z,0
CVE-2022-27547,https://securityvulnerability.io/vulnerability/CVE-2022-27547,HCL iNotes is susceptible to a link to non-existent domain vulnerability.,"HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc.",Hcl Software,Hcl Inotes,6.1,MEDIUM,0.001500000013038516,false,,false,false,false,,,false,false,,2022-08-29T16:15:00.000Z,0
CVE-2022-27558,https://securityvulnerability.io/vulnerability/CVE-2022-27558,HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability.,"HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking.",Hcl Software,Hcl Inotes,5.9,MEDIUM,0.001500000013038516,false,,false,false,false,,,false,false,,2022-08-24T00:00:00.000Z,0
CVE-2020-14225,https://securityvulnerability.io/vulnerability/CVE-2020-14225,Tabnabbing Vulnerability in HCL iNotes,"HCL iNotes is impacted by a Tabnabbing vulnerability resulting from inadequate sanitization of message content. This flaw enables an unauthenticated remote attacker to craft malicious links that deceive users into entering their sensitive information, such as login credentials, through a phishing scheme. Users may unknowingly interact with these deceptive forms, posing considerable risks to account security and personal data integrity.",HCL Software,Hcl Inotes,6.5,MEDIUM,0.00203999993391335,false,,false,false,false,,,false,false,,2020-12-21T17:09:24.000Z,0
CVE-2020-14271,https://securityvulnerability.io/vulnerability/CVE-2020-14271,Stored Cross-Site Scripting Vulnerability in HCL iNotes,"HCL iNotes versions 9, 10, and 11 are affected by a Stored Cross-Site Scripting vulnerability resulting from improper management of message content. An attacker, without the need for authentication, can exploit this issue by crafting malicious markup. This exploit allows the attacker to execute scripts in the context of a victim's web browser while accessing the site, posing a risk of stealing cookie-based authentication credentials and compromising user privacy.",HCL Software,Hcl Inotes,6.1,MEDIUM,0.001509999972768128,false,,false,false,false,,,false,false,,2020-12-18T22:08:33.000Z,0
CVE-2020-4126,https://securityvulnerability.io/vulnerability/CVE-2020-4126,Sensitive Cookie Exposure in HCL iNotes by HCL Technologies,"HCL iNotes is vulnerable to a sensitive cookie exposure issue that allows an unauthenticated remote attacker to capture sensitive cookies by intercepting their transmission over HTTP sessions. This exposes users to the risk of session hijacking and unauthorized access. Users are strongly encouraged to upgrade to the latest versions of HCL Domino and HCL iNotes, specifically 10.0.1 FP6 and 11.0.1 FP2 or later, to mitigate this vulnerability.",HCL Software,Hcl Inotes,5.9,MEDIUM,0.0023799999617040157,false,,false,false,false,,,false,false,,2020-12-01T00:15:00.000Z,0