CVE-2023-37539 — HIGH (8.4)

Vulnerability Description

The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hcltech	Domino	11.0

Related Weaknesses (CWE)

CWE-79

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113715Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113715Vendor Advisory

FAQ

What is CVE-2023-37539?

CVE-2023-37539 is a vulnerability with a CVSS score of 8.4 (HIGH). The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this te...

How severe is CVE-2023-37539?

CVE-2023-37539 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-37539?

Check the references section above for vendor advisories and patch information. Affected products include: Hcltech Domino.