HCL Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability
CVE-2023-37539
5.4 MEDIUM
Summary
The HCL Domino Catalog template contains a Stored Cross-Site Scripting (XSS) vulnerability that can be exploited by an attacker with document editing permissions within the catalog application. By embedding malicious scripts, the attacker can activate the payload upon user interaction, leading to potential data breaches or unauthorized actions. This risk highlights the importance of input validation and stringent access controls to prevent such injection attacks.
Affected Version(s)
Domino Server 11, 12, 14
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved