The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it.
References
Link | Resource |
---|---|
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113715 | Vendor Advisory |
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113715 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:11
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113715 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.4 |
16 Jul 2024, 14:23
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
First Time |
Hcltech domino
Hcltech |
|
CPE | cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:* cpe:2.3:a:hcltech:domino:14.0:*:*:*:*:*:*:* cpe:2.3:a:hcltech:domino:12.0:*:*:*:*:*:*:* |
|
References | () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113715 - Vendor Advisory |
07 Jun 2024, 14:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Jun 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-06 23:15
Updated : 2024-11-21 08:11
NVD link : CVE-2023-37539
Mitre link : CVE-2023-37539
CVE.ORG link : CVE-2023-37539
JSON object : View
Products Affected
hcltech
- domino
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')