Script Injection Vulnerability in HCL Domino Volt and Domino Leap
CVE-2023-37535

7.1 HIGH

Key Information:

Vendor
CVE Published: 30 April 2025

What is CVE-2023-37535?

HCL Domino Volt and Domino Leap suffer from a vulnerability that allows for script injection via query parameters due to an inadequate URI protocol whitelist. This weakness can be exploited by malicious actors to execute arbitrary scripts, potentially compromising the integrity and security of the applications. It is crucial for users and administrators of affected products to apply the necessary updates and implement security measures to mitigate the risk associated with this vulnerability.
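The class of flaw described above, an incomplete URI protocol allowlist applied to a query parameter, can be illustrated with a strict scheme check. This is an added example, not code from HCL or from the affected products; the function names, the `next` parameter used in testing, the allowed protocol set and the `app.example.invalid` origin are all assumptions.

```javascript
// Added example. All names and sample values are constructed for illustration.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "mailto:"]);

// Hypothetical application origin, used only to resolve relative references.
const BASE = "https://app.example.invalid/";

// Inadequate check (constructed): a case-sensitive prefix test on the raw
// string. Browsers ignore case, leading spaces and embedded tabs/newlines in
// the scheme, so this accepts values that still resolve to a script URL.
function naiveIsSafe(value) {
  return !value.startsWith("javascript:");
}

// Strict check: parse with the WHATWG URL parser, which normalises the value
// the way a browser does, then require the resolved protocol to be on the
// allowlist. Returns the normalised href, or null when the value is rejected.
function sanitizeUrl(value) {
  if (typeof value !== "string") return null;
  let parsed;
  try {
    parsed = new URL(value, BASE);
  } catch {
    return null; // unparseable input is rejected, never passed through
  }
  return ALLOWED_PROTOCOLS.has(parsed.protocol) ? parsed.href : null;
}

// Read a URL-valued query parameter and return only a validated, normalised
// value. Callers use the return value, never the raw parameter.
function readLinkParam(queryString, name) {
  const raw = new URLSearchParams(queryString).get(name);
  return raw === null ? null : sanitizeUrl(raw);
}
```

The allowlist only constrains the scheme; the value still needs output encoding for the HTML context it is written into.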

Affected Version(s)

HCL Domino Leap 1.0 - 1.0.5; 1.1 - 1.1.2

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
