Skip to main content

Hcl Notes

1 CVEs product

Monthly

CVE-2026-9007 MEDIUM This Month

Reflected cross-site scripting in HCL Notes 12.0.2FP5HF8 enables unauthenticated network attackers to inject and execute arbitrary JavaScript in the browser sessions of targeted users who interact with malicious links. The CVSS 4.0 vector (SC:H/SI:H/SA:H) signals high downstream impact on victim sessions - including potential session hijacking, credential theft, and unauthorized action execution within the Notes web environment. No public exploit code has been identified and this vulnerability is not listed in CISA KEV at time of analysis.

XSS Hcl Notes
NVD
CVSS 4.0
5.5
CVSS 5.5
MEDIUM This Month

Reflected cross-site scripting in HCL Notes 12.0.2FP5HF8 enables unauthenticated network attackers to inject and execute arbitrary JavaScript in the browser sessions of targeted users who interact with malicious links. The CVSS 4.0 vector (SC:H/SI:H/SA:H) signals high downstream impact on victim sessions - including potential session hijacking, credential theft, and unauthorized action execution within the Notes web environment. No public exploit code has been identified and this vulnerability is not listed in CISA KEV at time of analysis.

XSS Hcl Notes
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy