CVE-2023-37539

The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:12.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:14.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:11

Type Values Removed Values Added
References () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113715 - Vendor Advisory () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113715 - Vendor Advisory
CVSS v2 : unknown
v3 : 5.4
v2 : unknown
v3 : 8.4

16 Jul 2024, 14:23

Type Values Removed Values Added
CWE CWE-79
CVSS v2 : unknown
v3 : 8.4
v2 : unknown
v3 : 5.4
First Time Hcltech domino
Hcltech
CPE cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:14.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:12.0:*:*:*:*:*:*:*
References () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113715 - () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113715 - Vendor Advisory

07 Jun 2024, 14:56

Type Values Removed Values Added
Summary
  • (es) The Domino Catalog template es susceptible a una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado. Un atacante con la capacidad de editar documentos en la aplicación/base de datos del catálogo creada a partir de esta plantilla puede incrustar un ataque de Cross-site Scripting. El ataque se activaría si un usuario final hiciera clic en él.

06 Jun 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-06 23:15

Updated : 2024-11-21 08:11


NVD link : CVE-2023-37539

Mitre link : CVE-2023-37539

CVE.ORG link : CVE-2023-37539


JSON object : View

Products Affected

hcltech

  • domino
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')