CVE-2022-27546: HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability
First published: Mon Aug 29 2022(Updated: )
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials.
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HCL iNotes | =9.0.1 | |
| HCL iNotes | =9.0.1-fixpack_10 | |
| HCL iNotes | =9.0.1-fixpack_3 | |
| HCL iNotes | =9.0.1-fixpack_4 | |
| HCL iNotes | =9.0.1-fixpack_5 | |
| HCL iNotes | =9.0.1-fixpack_6 | |
| HCL iNotes | =9.0.1-fixpack_7 | |
| HCL iNotes | =9.0.1-fixpack_8 | |
| HCL iNotes | =9.0.1-fixpack_9 | |
| HCL iNotes | =10.0 | |
| HCL iNotes | =10.0.1 | |
| HCL iNotes | =10.0.1-fixpack_1 | |
| HCL iNotes | =10.0.1-fixpack_2 | |
| HCL iNotes | =10.0.1-fixpack_3 | |
| HCL iNotes | =10.0.1-fixpack_4 | |
| HCL iNotes | =10.0.1-fixpack_5 | |
| HCL iNotes | =10.0.1-fixpack_6 | |
| HCL iNotes | =10.0.1-fixpack_7 | |
| HCL iNotes | =10.0.1-fixpack_8 | |
| HCL iNotes | =11.0 | |
| HCL iNotes | =11.0.1 | |
| HCL iNotes | =11.0.1-fixpack_1 | |
| HCL iNotes | =11.0.1-fixpack_2 | |
| HCL iNotes | =11.0.1-fixpack_3 | |
| HCL iNotes | =11.0.1-fixpack_4 | |
| HCL iNotes | =11.0.1-fixpack_5 | |
| HCL iNotes | =12.0 | |
| HCL iNotes | =12.0.1 | |
| HCL iNotes | =12.0.1-fixpack_1 | |
| IBM Domino | =9.0 | |
| IBM Domino | =9.0.1 | |
| IBM Domino | =9.0.1-fixpack_10 | |
| IBM Domino | =9.0.1-fixpack_3 | |
| IBM Domino | =9.0.1-fixpack_4 | |
| IBM Domino | =9.0.1-fixpack_5 | |
| IBM Domino | =9.0.1-fixpack_6 | |
| IBM Domino | =9.0.1-fixpack_7 | |
| IBM Domino | =9.0.1-fixpack_8 | |
| IBM Domino | =9.0.1-fixpack_9 | |
| IBM Domino | =10.0 | |
| IBM Domino | =10.0.1 | |
| IBM Domino | =10.0.1-fixpack_1 | |
| IBM Domino | =10.0.1-fixpack_2 | |
| IBM Domino | =10.0.1-fixpack_3 | |
| IBM Domino | =10.0.1-fixpack_4 | |
| IBM Domino | =10.0.1-fixpack_5 | |
| IBM Domino | =10.0.1-fixpack_6 | |
| IBM Domino | =10.0.1-fixpack_7 | |
| IBM Domino | =10.0.1-fixpack_8 | |
| IBM Domino | =11.0 | |
| IBM Domino | =11.0.1 | |
| IBM Domino | =11.0.1-fixpack_1 | |
| IBM Domino | =11.0.1-fixpack_2 | |
| IBM Domino | =11.0.1-fixpack_3 | |
| IBM Domino | =11.0.1-fixpack_4 | |
| IBM Domino | =11.0.1-fixpack_5 | |
| IBM Domino | =12.0 | |
| IBM Domino | =12.0.1 | |
| IBM Domino | =12.0.1-fixpack_1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-27546?
CVE-2022-27546 is classified as a medium severity vulnerability.
How do I fix CVE-2022-27546?
To fix CVE-2022-27546, users should update to the latest version of HCL iNotes or apply the relevant patches as provided by HCL.
What types of attacks can exploit CVE-2022-27546?
CVE-2022-27546 can be exploited through reflected Cross-site Scripting (XSS) attacks via specially-crafted URLs.
Which software versions are affected by CVE-2022-27546?
CVE-2022-27546 affects HCL iNotes versions 9.0.1 and all fixpacks, as well as major versions 10.0, 11.0, and 12.0.
Can CVE-2022-27546 affect users' data?
Yes, CVE-2022-27546 can potentially compromise user data by executing malicious scripts in the context of the user's session.
- agent/type
- agent/title
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- vendor/hcltech
- canonical/hcl inotes
- version/hcl inotes/9.0.1
- version/hcl inotes/9.0.1-fixpack_10
- version/hcl inotes/9.0.1-fixpack_3
- version/hcl inotes/9.0.1-fixpack_4
- version/hcl inotes/9.0.1-fixpack_5
- version/hcl inotes/9.0.1-fixpack_6
- version/hcl inotes/9.0.1-fixpack_7
- version/hcl inotes/9.0.1-fixpack_8
- version/hcl inotes/9.0.1-fixpack_9
- version/hcl inotes/10.0
- version/hcl inotes/10.0.1
- version/hcl inotes/10.0.1-fixpack_1
- version/hcl inotes/10.0.1-fixpack_2
- version/hcl inotes/10.0.1-fixpack_3
- version/hcl inotes/10.0.1-fixpack_4
- version/hcl inotes/10.0.1-fixpack_5
- version/hcl inotes/10.0.1-fixpack_6
- version/hcl inotes/10.0.1-fixpack_7
- version/hcl inotes/10.0.1-fixpack_8
- version/hcl inotes/11.0
- version/hcl inotes/11.0.1
- version/hcl inotes/11.0.1-fixpack_1
- version/hcl inotes/11.0.1-fixpack_2
- version/hcl inotes/11.0.1-fixpack_3
- version/hcl inotes/11.0.1-fixpack_4
- version/hcl inotes/11.0.1-fixpack_5
- version/hcl inotes/12.0
- version/hcl inotes/12.0.1
- version/hcl inotes/12.0.1-fixpack_1
- canonical/ibm domino
- version/ibm domino/9.0
- version/ibm domino/9.0.1
- version/ibm domino/9.0.1-fixpack_10
- version/ibm domino/9.0.1-fixpack_3
- version/ibm domino/9.0.1-fixpack_4
- version/ibm domino/9.0.1-fixpack_5
- version/ibm domino/9.0.1-fixpack_6
- version/ibm domino/9.0.1-fixpack_7
- version/ibm domino/9.0.1-fixpack_8
- version/ibm domino/9.0.1-fixpack_9
- version/ibm domino/10.0
- version/ibm domino/10.0.1
- version/ibm domino/10.0.1-fixpack_1
- version/ibm domino/10.0.1-fixpack_2
- version/ibm domino/10.0.1-fixpack_3
- version/ibm domino/10.0.1-fixpack_4
- version/ibm domino/10.0.1-fixpack_5
- version/ibm domino/10.0.1-fixpack_6
- version/ibm domino/10.0.1-fixpack_7
- version/ibm domino/10.0.1-fixpack_8
- version/ibm domino/11.0
- version/ibm domino/11.0.1
- version/ibm domino/11.0.1-fixpack_1
- version/ibm domino/11.0.1-fixpack_2
- version/ibm domino/11.0.1-fixpack_3
- version/ibm domino/11.0.1-fixpack_4
- version/ibm domino/11.0.1-fixpack_5
- version/ibm domino/12.0
- version/ibm domino/12.0.1
- version/ibm domino/12.0.1-fixpack_1