CVE-2025-0248 – HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability

CVE ID : CVE-2025-0248

Published : Nov. 25, 2025, 4:16 p.m. | 1 hour, 7 minutes ago

Description : HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input. A remote, unauthenticated attacker can specially craft a URL to execute script in a victim’s Web browser within the security context of the hosting Web site and/or steal the victim’s cookie-based authentication credentials.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…