Hcltech: >> Domino Leap >> 1.1.1 Security Vulnerabilities
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap
allow script injection through query parameters.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-04-30
Insufficient default configuration in HCL Leap
allows anonymous access to directory information.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-04-30
Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-04-30
Multiple vectors in HCL Domino Volt and Domino Leap allow client-side
script injection in the authoring environment and deployed applications.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-04-30
Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
CVSS Score
3.2
EPSS Score
0.0
Published
2025-04-30