CVE-2020-14225
MEDIUMHCL iNotes - Tabnabbing via Improper Message Content Sanitization
Title source: llmDescription
HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085915
Scores
CVSS v3
6.5
EPSS
0.0056
EPSS Percentile
68.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
Status
published
Products (4)
hcltech/hcl_inotes
10.0.1 (5 CPE variants)
hcltech/hcl_inotes
11.0.0
hcltechsw/hcl_inotes
9.0.1 fixpack_8 (3 CPE variants)
hcltechsw/hcl_inotes
< 9.0.1
Published
Dec 21, 2020
Tracked Since
Feb 18, 2026