Cross-Site Scripting (XSS).
Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of another user.
This issue affects HCL Notes: Release 12.0.2FP5HF8 on Linux 4.18.0-553.52.1.El8_10.X64_64#1.
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 15 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in HCL Notes from HCL Software allows reflected Cross-Site Scripting (XSS). Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of another user. This issue affects HCL Notes: Release 12.0.2FP5HF8 on Linux 4.18.0-553.52.1.El8_10.X64_64#1. | |
| Title | Reflected XSS in HCL Notes | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: TCS-CERT
Published:
Updated: 2026-07-15T16:04:57.687Z
Reserved: 2026-05-19T14:01:29.613Z
Link: CVE-2026-9007
Updated: 2026-07-15T16:04:54.771Z
No data.
No data.
OpenCVE Enrichment
No data.