Skip to main content

Domino Leap

9 CVEs product

Monthly

CVE-2024-30146 MEDIUM This Month

Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server's filesystem. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Domino Leap
NVD
CVSS 3.1
4.1
EPSS
0.1%
CVE-2024-30145 MEDIUM This Month

Multiple vectors in HCL Domino Volt and Domino Leap allow client-side script injection in the authoring environment and deployed applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Domino Leap
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-30115 MEDIUM This Month

Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Domino Leap
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-45721 MEDIUM This Month

Insufficient default configuration in HCL Leap allows anonymous access to directory information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Domino Leap
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-37535 HIGH This Week

Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Domino Leap
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-37517 LOW Monitor

Missing "no cache" headers in HCL Leap permits sensitive data to be cached. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Domino Leap
NVD
CVSS 3.1
3.2
EPSS
0.2%
CVE-2022-42450 MEDIUM This Month

Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Domino Leap
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2022-42449 MEDIUM This Month

Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Domino Leap
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2022-27562 MEDIUM This Month

Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Domino Leap
NVD
CVSS 3.1
4.6
EPSS
0.3%
EPSS 0% CVSS 4.1
MEDIUM This Month

Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server's filesystem. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Domino Leap
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Multiple vectors in HCL Domino Volt and Domino Leap allow client-side script injection in the authoring environment and deployed applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Domino Leap
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Domino Leap
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Insufficient default configuration in HCL Leap allows anonymous access to directory information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Domino Leap
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Domino Leap
NVD
EPSS 0% CVSS 3.2
LOW Monitor

Missing "no cache" headers in HCL Leap permits sensitive data to be cached. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Domino Leap
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Domino Leap
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Domino Leap
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Domino Leap
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy