Client-Side Script Injection in HCL Domino Volt and Domino Leap
CVE-2024-30145

6.5MEDIUM

Key Information:

Vendor: HCL Software Software
Status: HCL Software Domino Leap
Vendor: CVE Published:; 30 April 2025

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2024-30145?

HCL Domino Volt and Domino Leap are susceptible to client-side script injection due to vulnerabilities in both the authoring environment and the deployed applications. These vulnerabilities can potentially allow an attacker to execute malicious scripts, compromising application integrity and user data. Proper validation and sanitization of user input are critical to mitigate these risks.

Affected Version(s)

HCL Domino Leap 1.0-1.0.5; 1.1-1.1.4

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2025