Search criteria
27 vulnerabilities found for domino_leap by hcltech
FKIE_CVE-2023-37535
Vulnerability from fkie_nvd - Published: 2025-04-30 22:15 - Updated: 2025-10-30 20:34
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N [psirt@hcl.com, Secondary]
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [nvd@nist.gov, Primary]
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allows script injection through query parameters.
References
| Source | URL | Tags |
|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120722 | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| hcltech | domino_leap | * (from 1.1 up to, but excluding, 1.1.3) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino_leap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5BAD465-CCD1-4EBA-BDC5-63A3F75273CE",
"versionEndExcluding": "1.1.3",
"versionStartIncluding": "1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap\nallow script injection through query parameters."
},
{
"lang": "es",
"value": "La lista blanca de protocolos URI insuficiente en HCL Domino Volt y Domino Leap permite la inyecci\u00f3n de scripts a trav\u00e9s de par\u00e1metros de consulta."
}
],
"id": "CVE-2023-37535",
"lastModified": "2025-10-30T20:34:15.133",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-30T22:15:16.090",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-30115
Vulnerability from fkie_nvd - Published: 2025-04-30 22:15 - Updated: 2025-11-04 01:41
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N [psirt@hcl.com, Secondary]
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N [nvd@nist.gov, Primary]
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget.
References
| Source | URL | Tags |
|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120722 | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| hcltech | domino_leap | * (from 1.1 up to, but excluding, 1.1.4) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino_leap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91D93205-7B62-454B-A556-819F28FA6D49",
"versionEndExcluding": "1.1.4",
"versionStartIncluding": "1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient sanitization policy in HCL Leap\nallows client-side script injection in the deployed application through the\nHTML widget."
},
{
"lang": "es",
"value": "Una pol\u00edtica de depuraci\u00f3n insuficiente en HCL Leap permite client-side script injection en la aplicaci\u00f3n implementada a trav\u00e9s del widget HTML."
}
],
"id": "CVE-2024-30115",
"lastModified": "2025-11-04T01:41:39.123",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 4.2,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-30T22:15:16.453",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-30145
Vulnerability from fkie_nvd - Published: 2025-04-30 22:15 - Updated: 2025-11-07 16:17
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N [psirt@hcl.com, Secondary]
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [nvd@nist.gov, Primary]
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Multiple vectors in HCL Domino Volt and Domino Leap allow client-side
script injection in the authoring environment and deployed applications.
References
| Source | URL | Tags |
|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120722 | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| hcltech | domino_leap | * (from 1.1 up to, but excluding, 1.1.5) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino_leap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "447D5847-378A-429C-BC63-F27883200AA9",
"versionEndExcluding": "1.1.5",
"versionStartIncluding": "1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vectors in HCL Domino Volt and Domino Leap allow client-side\nscript injection in the authoring environment and deployed applications."
},
{
"lang": "es",
"value": "M\u00faltiples vectores en HCL Domino Volt y Domino Leap permiten client-side script injection en el entorno de creaci\u00f3n y en las aplicaciones implementadas."
}
],
"id": "CVE-2024-30145",
"lastModified": "2025-11-07T16:17:38.547",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-30T22:15:16.590",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-45721
Vulnerability from fkie_nvd - Published: 2025-04-30 22:15 - Updated: 2025-11-04 01:41
Severity ?
Summary
Insufficient default configuration in HCL Leap
allows anonymous access to directory information.
References
| Source | URL | Tags |
|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120722 | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| hcltech | domino_leap | * (from 1.1 up to, but excluding, 1.1.4) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino_leap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91D93205-7B62-454B-A556-819F28FA6D49",
"versionEndExcluding": "1.1.4",
"versionStartIncluding": "1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient default configuration in HCL Leap\nallows anonymous access to directory information."
},
{
"lang": "es",
"value": "La configuraci\u00f3n predeterminada insuficiente en HCL Leap permite el acceso an\u00f3nimo a la informaci\u00f3n del directorio."
}
],
"id": "CVE-2023-45721",
"lastModified": "2025-11-04T01:41:51.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
},
"published": "2025-04-30T22:15:16.223",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-359"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-30146
Vulnerability from fkie_nvd - Published: 2025-04-30 22:15 - Updated: 2025-12-31 01:06
Severity ?
4.1 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L [psirt@hcl.com, Secondary]
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N [nvd@nist.gov, Primary]
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Summary
Improper access control of endpoint in HCL Domino Leap
allows certain admin users to import applications from the
server's filesystem.
References
| Source | URL | Tags |
|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120722 | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| hcltech | domino_leap | * (from 1.1.3 up to, but excluding, 1.1.5) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino_leap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "270E38B1-12E7-4C3E-BFC1-3C8526D68D41",
"versionEndExcluding": "1.1.5",
"versionStartIncluding": "1.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control of endpoint in HCL Domino Leap\nallows certain admin users to import applications from the\nserver\u0027s filesystem."
},
{
"lang": "es",
"value": "El control de acceso inadecuado del endpoint en HCL Domino Leap permite que ciertos usuarios administradores importen aplicaciones desde el sistema de archivos del servidor."
}
],
"id": "CVE-2024-30146",
"lastModified": "2025-12-31T01:06:39.007",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.4,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-30T22:15:16.720",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-37517
Vulnerability from fkie_nvd - Published: 2025-04-30 22:15 - Updated: 2025-10-30 20:35
Severity ?
3.2 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N [psirt@hcl.com, Secondary]
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [nvd@nist.gov, Primary]
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
References
| Source | URL | Tags |
|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120722 | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| hcltech | domino_leap | * (from 1.1 up to, but excluding, 1.1.2) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino_leap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA4B6CA-FED5-4EBC-BBFE-5A4FEA144DC5",
"versionEndExcluding": "1.1.2",
"versionStartIncluding": "1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing \"no cache\" headers in HCL Leap permits sensitive data to be cached."
},
{
"lang": "es",
"value": "La falta de encabezados \"sin cach\u00e9\" en HCL Leap permite que se almacenen en cach\u00e9 datos confidenciales."
}
],
"id": "CVE-2023-37517",
"lastModified": "2025-10-30T20:35:18.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-30T22:15:15.953",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-524"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-42450
Vulnerability from fkie_nvd - Published: 2025-04-30 22:15 - Updated: 2025-10-30 20:36
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N [psirt@hcl.com, Secondary]
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N [nvd@nist.gov, Primary]
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications.
References
| Source | URL | Tags |
|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120722 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | domino_leap | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino_leap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B009418-D6E4-41E6-89C2-83EFC4803B47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications."
},
{
"lang": "es",
"value": "La depuraci\u00f3n inadecuada de archivos SVG en HCL Domino Volt permite client-side script injection en aplicaciones implementadas."
}
],
"id": "CVE-2022-42450",
"lastModified": "2025-10-30T20:36:42.377",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-30T22:15:15.083",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-42449
Vulnerability from fkie_nvd - Published: 2025-04-30 21:15 - Updated: 2025-10-30 20:40
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N [psirt@hcl.com, Secondary]
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N [nvd@nist.gov, Primary]
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications
References
| Source | URL | Tags |
|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120722 | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| hcltech | domino_leap | * (from 1.0 up to, but excluding, 1.1.1) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino_leap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF7C163-1A4B-47C2-A7EB-3ABD1E8AACFF",
"versionEndExcluding": "1.1.1",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications"
},
{
"lang": "es",
"value": "La pol\u00edtica de filtro de tipo de archivo predeterminado no seguro en HCL Domino Volt permite la carga de archivos .html y la ejecuci\u00f3n de JavaScript no seguro en aplicaciones implementadas"
}
],
"id": "CVE-2022-42449",
"lastModified": "2025-10-30T20:40:07.330",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-30T21:15:53.053",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-27562
Vulnerability from fkie_nvd - Published: 2025-04-30 21:15 - Updated: 2025-10-30 20:41
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N [psirt@hcl.com, Secondary]
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N [nvd@nist.gov, Primary]
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications.
References
| Source | URL | Tags |
|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120722 | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| hcltech | domino_leap | * (from 1.0 up to, but excluding, 1.1.1) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:domino_leap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF7C163-1A4B-47C2-A7EB-3ABD1E8AACFF",
"versionEndExcluding": "1.1.1",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications."
},
{
"lang": "es",
"value": "La pol\u00edtica de filtro de tipo de archivo predeterminado no seguro en HCL Domino Volt permite la carga de archivos .html y la ejecuci\u00f3n de JavaScript no seguro en aplicaciones implementadas."
}
],
"id": "CVE-2022-27562",
"lastModified": "2025-10-30T20:41:13.373",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-30T21:15:52.303",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
CVE-2024-30146 (GCVE-0-2024-30146)
Vulnerability from nvd – Published: 2025-04-30 21:16 – Updated: 2025-05-01 15:34
Title
HCL Domino Leap is affected by improper access control
Summary
Improper access control of endpoint in HCL Domino Leap
allows certain admin users to import applications from the
server's filesystem.
Severity ?
4.1 (Medium)
CWE
- CWE-284 - Improper access control
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HCL Software | HCL Domino Leap | Affected: 1.1.3 - 1.1.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T15:01:05.373476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T15:34:11.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino Leap",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.1.3 - 1.1.4"
}
]
}
],
"datePublic": "2025-04-30T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access control of endpoint in HCL Domino Leap\nallows certain admin users to import applications from the\nserver\u0027s filesystem.\u003cbr\u003e"
}
],
"value": "Improper access control of endpoint in HCL Domino Leap\nallows certain admin users to import applications from the\nserver\u0027s filesystem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T21:16:31.949Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino Leap is affected by improper access control",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30146",
"datePublished": "2025-04-30T21:16:31.949Z",
"dateReserved": "2024-03-22T23:57:26.413Z",
"dateUpdated": "2025-05-01T15:34:11.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30145 (GCVE-0-2024-30145)
Vulnerability from nvd – Published: 2025-04-30 21:15 – Updated: 2025-05-01 15:34
Title
HCL Domino Volt and Domino Leap are affected by a cross-site scripting (XSS) vulnerability
Summary
Multiple vectors in HCL Domino Volt and Domino Leap allow client-side
script injection in the authoring environment and deployed applications.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HCL Software | HCL Domino Leap | Affected: 1.0-1.0.5; 1.1-1.1.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30145",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T15:01:11.282605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T15:34:19.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino Leap",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.0-1.0.5; 1.1-1.1.4"
}
]
}
],
"datePublic": "2025-04-30T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple vectors in HCL Domino Volt and Domino Leap allow client-side\nscript injection in the authoring environment and deployed applications.\u003cbr\u003e"
}
],
"value": "Multiple vectors in HCL Domino Volt and Domino Leap allow client-side\nscript injection in the authoring environment and deployed applications."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T21:15:23.377Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino Volt and Domino Leap are affected by a cross-site scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30145",
"datePublished": "2025-04-30T21:15:23.377Z",
"dateReserved": "2024-03-22T23:57:24.981Z",
"dateUpdated": "2025-05-01T15:34:19.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30115 (GCVE-0-2024-30115)
Vulnerability from nvd – Published: 2025-04-30 21:14 – Updated: 2025-05-01 15:34
Title
HCL Domino Volt and Domino Leap are affected by a cross-site scripting (XSS) vulnerability
Summary
Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HCL Software | HCL Domino Leap | Affected: 1.0 - 1.0.5; 1.1 - 1.1.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T15:01:16.839168Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T15:34:29.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino Leap",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.0 - 1.0.5; 1.1 - 1.1.3"
}
]
}
],
"datePublic": "2025-04-30T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient sanitization policy in HCL Leap\nallows client-side script injection in the deployed application through the\nHTML widget.\u003cbr\u003e\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Insufficient sanitization policy in HCL Leap\nallows client-side script injection in the deployed application through the\nHTML widget."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T21:14:20.204Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino Volt and Domino Leap are affected by a cross-site scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30115",
"datePublished": "2025-04-30T21:14:20.204Z",
"dateReserved": "2024-03-22T23:57:21.326Z",
"dateUpdated": "2025-05-01T15:34:29.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45721 (GCVE-0-2023-45721)
Vulnerability from nvd – Published: 2025-04-30 21:13 – Updated: 2025-05-01 15:34
Title
HCL Domino Volt and Domino Leap are affected by a disclosure of private personal information vulnerability
Summary
Insufficient default configuration in HCL Leap
allows anonymous access to directory information.
Severity ?
5.3 (Medium)
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HCL Software | HCL Domino Leap | Affected: 1.0 - 1.0.5; 1.1 - 1.1.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T15:01:23.426916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T15:34:36.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino Leap",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.0 - 1.0.5; 1.1 - 1.1.3"
}
]
}
],
"datePublic": "2025-04-30T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient default configuration in HCL Leap\nallows anonymous access to directory information.\u003cbr\u003e\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Insufficient default configuration in HCL Leap\nallows anonymous access to directory information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T21:13:30.911Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino Volt and Domino Leap are affected by a disclosure of private personal information vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-45721",
"datePublished": "2025-04-30T21:13:30.911Z",
"dateReserved": "2023-10-10T21:26:10.163Z",
"dateUpdated": "2025-05-01T15:34:36.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37535 (GCVE-0-2023-37535)
Vulnerability from nvd – Published: 2025-04-30 21:12 – Updated: 2025-05-01 15:34
Title
HCL Domino Volt and Domino Leap are affected by a Cross-site scripting (XSS) vulnerability
Summary
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap
allow script injection through query parameters.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HCL Software | HCL Domino Leap | Affected: 1.0 - 1.0.5; 1.1 - 1.1.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T15:01:30.314657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T15:34:42.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino Leap",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.0 - 1.0.5; 1.1 - 1.1.2"
}
]
}
],
"datePublic": "2025-04-30T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap\nallow script injection through query parameters.\u003cbr\u003e\n\u003cbr\u003e\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap\nallow script injection through query parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T21:12:38.618Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino Volt and Domino Leap are affected by a Cross-site scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-37535",
"datePublished": "2025-04-30T21:12:38.618Z",
"dateReserved": "2023-07-06T16:29:45.713Z",
"dateUpdated": "2025-05-01T15:34:42.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37517 (GCVE-0-2023-37517)
Vulnerability from nvd – Published: 2025-04-30 21:11 – Updated: 2025-05-01 15:34
Title
HCL Domino Volt and Domino Leap are affected by missing "no cache" headers
Summary
Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
Severity ?
3.2 (Low)
CWE
- CWE-524 - Use of Cache Containing Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HCL Software | HCL Domino Leap | Affected: 1.0 - 1.0.5; 1.1 - 1.1.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T15:01:35.818936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T15:34:50.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino Leap",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.0 - 1.0.5; 1.1 - 1.1.1"
}
]
}
],
"datePublic": "2025-04-30T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing \"no cache\" headers in HCL Leap permits sensitive data to be cached.\u003cbr\u003e\n\u003cbr\u003e\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Missing \"no cache\" headers in HCL Leap permits sensitive data to be cached."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-524",
"description": "CWE-524 Use of Cache Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T21:11:44.164Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino Volt and Domino Leap are affected by missing \"no cache\" headers",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-37517",
"datePublished": "2025-04-30T21:11:44.164Z",
"dateReserved": "2023-07-06T16:11:42.471Z",
"dateUpdated": "2025-05-01T15:34:50.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42450 (GCVE-0-2022-42450)
Vulnerability from nvd – Published: 2025-04-30 21:07 – Updated: 2025-05-01 15:34
Title
HCL Domino Volt is affected by Cross-site scripting (XSS)
Summary
Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications.
Severity ?
4.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HCL Software | HCL Domino Volt | Affected: 1.0 - 1.0.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42450",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T15:01:41.042188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T15:34:58.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino Volt",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.0 - 1.0.5"
}
]
}
],
"datePublic": "2025-04-30T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications.\u003cbr\u003e\n\u003cbr\u003e\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T21:07:57.381Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino Volt is affected by Cross-site scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-42450",
"datePublished": "2025-04-30T21:07:57.381Z",
"dateReserved": "2022-10-06T16:01:51.741Z",
"dateUpdated": "2025-05-01T15:34:58.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42449 (GCVE-0-2022-42449)
Vulnerability from nvd – Published: 2025-04-30 21:01 – Updated: 2025-05-01 15:35
Title
HCL Domino Volt is affected by an unrestricted upload of a dangerous file type
Summary
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications
Severity ?
4.6 (Medium)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HCL Software | HCL Domino Volt | Affected: 1.0 - 1.0.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42449",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T14:43:14.379259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T15:35:09.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino Volt",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.0 - 1.0.5"
}
]
}
],
"datePublic": "2025-04-30T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications\u003cbr\u003e\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T21:01:21.381Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino Volt is affected by an unrestricted upload of a dangerous file type",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-42449",
"datePublished": "2025-04-30T21:01:21.381Z",
"dateReserved": "2022-10-06T16:01:51.741Z",
"dateUpdated": "2025-05-01T15:35:09.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27562 (GCVE-0-2022-27562)
Vulnerability from nvd – Published: 2025-04-30 20:54 – Updated: 2025-05-01 15:35
Title
HCL Domino Volt is affected by an unrestricted upload of a dangerous file type
Summary
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications.
Severity ?
4.6 (Medium)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HCL Software | HCL Domino Volt | Affected: 1.0 - 1.0.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27562",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T14:43:21.266153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T15:35:17.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino Volt",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.0 - 1.0.5"
}
]
}
],
"datePublic": "2025-04-30T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications.\u003cbr\u003e\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T20:54:20.782Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino Volt is affected by an unrestricted upload of a dangerous file type",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-27562",
"datePublished": "2025-04-30T20:54:20.782Z",
"dateReserved": "2022-03-21T21:19:28.245Z",
"dateUpdated": "2025-05-01T15:35:17.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30146 (GCVE-0-2024-30146)
Vulnerability from cvelistv5 – Published: 2025-04-30 21:16 – Updated: 2025-05-01 15:34
Title
HCL Domino Leap is affected by improper access control
Summary
Improper access control of endpoint in HCL Domino Leap
allows certain admin users to import applications from the
server's filesystem.
Severity ?
4.1 (Medium)
CWE
- CWE-284 - Improper access control
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HCL Software | HCL Domino Leap | Affected: 1.1.3 - 1.1.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T15:01:05.373476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T15:34:11.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino Leap",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.1.3 - 1.1.4"
}
]
}
],
"datePublic": "2025-04-30T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access control of endpoint in HCL Domino Leap\nallows certain admin users to import applications from the\nserver\u0027s filesystem.\u003cbr\u003e"
}
],
"value": "Improper access control of endpoint in HCL Domino Leap\nallows certain admin users to import applications from the\nserver\u0027s filesystem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T21:16:31.949Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino Leap is affected by improper access control",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30146",
"datePublished": "2025-04-30T21:16:31.949Z",
"dateReserved": "2024-03-22T23:57:26.413Z",
"dateUpdated": "2025-05-01T15:34:11.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30145 (GCVE-0-2024-30145)
Vulnerability from cvelistv5 – Published: 2025-04-30 21:15 – Updated: 2025-05-01 15:34
Title
HCL Domino Volt and Domino Leap are affected by a cross-site scripting (XSS) vulnerability
Summary
Multiple vectors in HCL Domino Volt and Domino Leap allow client-side
script injection in the authoring environment and deployed applications.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HCL Software | HCL Domino Leap | Affected: 1.0-1.0.5; 1.1-1.1.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30145",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T15:01:11.282605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T15:34:19.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino Leap",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.0-1.0.5; 1.1-1.1.4"
}
]
}
],
"datePublic": "2025-04-30T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple vectors in HCL Domino Volt and Domino Leap allow client-side\nscript injection in the authoring environment and deployed applications.\u003cbr\u003e"
}
],
"value": "Multiple vectors in HCL Domino Volt and Domino Leap allow client-side\nscript injection in the authoring environment and deployed applications."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T21:15:23.377Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino Volt and Domino Leap are affected by a cross-site scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30145",
"datePublished": "2025-04-30T21:15:23.377Z",
"dateReserved": "2024-03-22T23:57:24.981Z",
"dateUpdated": "2025-05-01T15:34:19.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30115 (GCVE-0-2024-30115)
Vulnerability from cvelistv5 – Published: 2025-04-30 21:14 – Updated: 2025-05-01 15:34
Title
HCL Domino Volt and Domino Leap are affected by a cross-site scripting (XSS) vulnerability
Summary
Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HCL Software | HCL Domino Leap | Affected: 1.0 - 1.0.5; 1.1 - 1.1.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T15:01:16.839168Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T15:34:29.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino Leap",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.0 - 1.0.5; 1.1 - 1.1.3"
}
]
}
],
"datePublic": "2025-04-30T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient sanitization policy in HCL Leap\nallows client-side script injection in the deployed application through the\nHTML widget.\u003cbr\u003e\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Insufficient sanitization policy in HCL Leap\nallows client-side script injection in the deployed application through the\nHTML widget."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T21:14:20.204Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino Volt and Domino Leap are affected by a cross-site scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-30115",
"datePublished": "2025-04-30T21:14:20.204Z",
"dateReserved": "2024-03-22T23:57:21.326Z",
"dateUpdated": "2025-05-01T15:34:29.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45721 (GCVE-0-2023-45721)
Vulnerability from cvelistv5 – Published: 2025-04-30 21:13 – Updated: 2025-05-01 15:34
Title
HCL Domino Volt and Domino Leap are affected by a disclosure of private personal information vulnerability
Summary
Insufficient default configuration in HCL Leap
allows anonymous access to directory information.
Severity ?
5.3 (Medium)
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HCL Software | HCL Domino Leap | Affected: 1.0 - 1.0.5; 1.1 - 1.1.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T15:01:23.426916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T15:34:36.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino Leap",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.0 - 1.0.5; 1.1 - 1.1.3"
}
]
}
],
"datePublic": "2025-04-30T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient default configuration in HCL Leap\nallows anonymous access to directory information.\u003cbr\u003e\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Insufficient default configuration in HCL Leap\nallows anonymous access to directory information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T21:13:30.911Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino Volt and Domino Leap are affected by a disclosure of private personal information vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-45721",
"datePublished": "2025-04-30T21:13:30.911Z",
"dateReserved": "2023-10-10T21:26:10.163Z",
"dateUpdated": "2025-05-01T15:34:36.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37535 (GCVE-0-2023-37535)
Vulnerability from cvelistv5 – Published: 2025-04-30 21:12 – Updated: 2025-05-01 15:34
Title
HCL Domino Volt and Domino Leap are affected by a Cross-site scripting (XSS) vulnerability
Summary
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap
allow script injection through query parameters.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HCL Software | HCL Domino Leap | Affected: 1.0 - 1.0.5; 1.1 - 1.1.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T15:01:30.314657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T15:34:42.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino Leap",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.0 - 1.0.5; 1.1 - 1.1.2"
}
]
}
],
"datePublic": "2025-04-30T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap\nallow script injection through query parameters.\u003cbr\u003e\n\u003cbr\u003e\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap\nallow script injection through query parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T21:12:38.618Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino Volt and Domino Leap are affected by a Cross-site scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-37535",
"datePublished": "2025-04-30T21:12:38.618Z",
"dateReserved": "2023-07-06T16:29:45.713Z",
"dateUpdated": "2025-05-01T15:34:42.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37517 (GCVE-0-2023-37517)
Vulnerability from cvelistv5 – Published: 2025-04-30 21:11 – Updated: 2025-05-01 15:34
Title
HCL Domino Volt and Domino Leap are affected by missing "no cache" headers
Summary
Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
Severity ?
3.2 (Low)
CWE
- CWE-524 - Use of Cache Containing Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HCL Software | HCL Domino Leap | Affected: 1.0 - 1.0.5; 1.1 - 1.1.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T15:01:35.818936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T15:34:50.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino Leap",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.0 - 1.0.5; 1.1 - 1.1.1"
}
]
}
],
"datePublic": "2025-04-30T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing \"no cache\" headers in HCL Leap permits sensitive data to be cached.\u003cbr\u003e\n\u003cbr\u003e\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Missing \"no cache\" headers in HCL Leap permits sensitive data to be cached."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-524",
"description": "CWE-524 Use of Cache Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T21:11:44.164Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino Volt and Domino Leap are affected by missing \"no cache\" headers",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-37517",
"datePublished": "2025-04-30T21:11:44.164Z",
"dateReserved": "2023-07-06T16:11:42.471Z",
"dateUpdated": "2025-05-01T15:34:50.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42450 (GCVE-0-2022-42450)
Vulnerability from cvelistv5 – Published: 2025-04-30 21:07 – Updated: 2025-05-01 15:34
Title
HCL Domino Volt is affected by Cross-site scripting (XSS)
Summary
Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications.
Severity ?
4.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HCL Software | HCL Domino Volt | Affected: 1.0 - 1.0.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42450",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T15:01:41.042188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T15:34:58.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino Volt",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.0 - 1.0.5"
}
]
}
],
"datePublic": "2025-04-30T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications.\u003cbr\u003e\n\u003cbr\u003e\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T21:07:57.381Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino Volt is affected by Cross-site scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-42450",
"datePublished": "2025-04-30T21:07:57.381Z",
"dateReserved": "2022-10-06T16:01:51.741Z",
"dateUpdated": "2025-05-01T15:34:58.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42449 (GCVE-0-2022-42449)
Vulnerability from cvelistv5 – Published: 2025-04-30 21:01 – Updated: 2025-05-01 15:35
Title
HCL Domino Volt is affected by an unrestricted upload of a dangerous file type
Summary
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications
Severity ?
4.6 (Medium)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HCL Software | HCL Domino Volt | Affected: 1.0 - 1.0.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42449",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T14:43:14.379259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T15:35:09.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino Volt",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.0 - 1.0.5"
}
]
}
],
"datePublic": "2025-04-30T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications\u003cbr\u003e\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T21:01:21.381Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino Volt is affected by an unrestricted upload of a dangerous file type",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-42449",
"datePublished": "2025-04-30T21:01:21.381Z",
"dateReserved": "2022-10-06T16:01:51.741Z",
"dateUpdated": "2025-05-01T15:35:09.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27562 (GCVE-0-2022-27562)
Vulnerability from cvelistv5 – Published: 2025-04-30 20:54 – Updated: 2025-05-01 15:35
Title
HCL Domino Volt is affected by an unrestricted upload of a dangerous file type
Summary
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications.
Severity ?
4.6 (Medium)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HCL Software | HCL Domino Volt | Affected: 1.0 - 1.0.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27562",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T14:43:21.266153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T15:35:17.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Domino Volt",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "1.0 - 1.0.5"
}
]
}
],
"datePublic": "2025-04-30T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications.\u003cbr\u003e\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T20:54:20.782Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120722"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Domino Volt is affected by an unrestricted upload of a dangerous file type",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-27562",
"datePublished": "2025-04-30T20:54:20.782Z",
"dateReserved": "2022-03-21T21:19:28.245Z",
"dateUpdated": "2025-05-01T15:35:17.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}