CVE-2023-37535

Published Apr 30, 2025

Last updated 14 days ago

CVSS high 7.1

Overview

Description
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters.
Source
psirt@hcl.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.1
Impact score
4.2
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
Severity
HIGH

Weaknesses

psirt@hcl.com
CWE-79

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2023-37535 🔴 HIGH (7.1) 🏢 HCL Software - HCL Domino Leap 🏗️ 1.0 - 1.0.5; 1.1 - 1.1.2 🔗 https://t.co/bAE9Kvu8P8 #CyberCron #VulnAlert #InfoSec https://t.co/F3a33nYyd4

    @cybercronai

    1 May 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.