Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-30146 | 1 Hcltech | 1 Domino Leap | 2025-12-31 | N/A | 4.1 MEDIUM |
|
Improper access control of endpoint in HCL Domino Leap
allows certain admin users to import applications from the
server's filesystem.
|
|||||
| CVE-2024-30145 | 1 Hcltech | 1 Domino Leap | 2025-11-07 | N/A | 6.5 MEDIUM |
|
Multiple vectors in HCL Domino Volt and Domino Leap allow client-side
script injection in the authoring environment and deployed applications.
|
|||||
| CVE-2023-45721 | 1 Hcltech | 1 Domino Leap | 2025-11-04 | N/A | 5.3 MEDIUM |
|
Insufficient default configuration in HCL Leap
allows anonymous access to directory information.
|
|||||
| CVE-2024-30115 | 1 Hcltech | 1 Domino Leap | 2025-11-04 | N/A | 6.3 MEDIUM |
|
Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget.
|
|||||
| CVE-2022-27562 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | N/A | 4.6 MEDIUM |
|
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications.
|
|||||
| CVE-2022-42449 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | N/A | 4.6 MEDIUM |
|
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications
|
|||||
| CVE-2022-42450 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | N/A | 4.6 MEDIUM |
|
Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications.
|
|||||
| CVE-2023-37517 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | N/A | 3.2 LOW |
|
Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
|
|||||
| CVE-2023-37535 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | N/A | 7.1 HIGH |
|
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap
allow script injection through query parameters.
|
|||||