🔐 CVE Alert

CVE-2026-9007

UNKNOWN 0.0

Reflected XSS in HCL Notes

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in HCL Notes from HCL Software allows reflected Cross-Site Scripting (XSS).  Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of another user. This issue affects HCL Notes: Release 12.0.2FP5HF8 on Linux 4.18.0-553.52.1.El8_10.X64_64#1.

CWE CWE-79
Vendor hcl software
Product hcl notes
Published Jul 15, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for hcl software hcl notes

Be the first to know when new unknown vulnerabilities affecting hcl software hcl notes are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

HCL Software / HCL Notes
Release 12.0.2FP5HF8 on Linux 4.18.0-553.52.1.el8_10.x64_64#1

References

NVD ↗ CVE.org ↗ EPSS Data ↗
thalesgroup.com: https://www.thalesgroup.com/en/search/cybersecurity/cybersecurity-services/CVE-2026-9007

Credits

Julien BLOMMAERT