Client-side Script Injection Vulnerability in HCL Domino Volt
CVE-2022-42450

4.6MEDIUM

Key Information:

Vendor: HCL Software Software
Status: HCL Software Domino Volt
Vendor: CVE Published:; 30 April 2025

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2022-42450?

An issue has been identified in HCL Domino Volt where improper sanitization of SVG files allows for client-side script injection. This vulnerability can be exploited when an attacker uploads a malicious SVG file, potentially leading to unauthorized access and control of deployed applications. Organizations using HCL Domino Volt must ensure proper validation and sanitization practices to mitigate the risks associated with this vulnerability.

Affected Version(s)

HCL Domino Volt 1.0 - 1.0.5

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2025
Vulnerability Reserved
Oct 6, 2022