CVE-2023-37535

7.1 HIGH

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts through query parameters in HCL Domino Volt and Domino Leap applications due to insufficient URI protocol whitelisting. It enables cross-site scripting (XSS) attacks that can steal user credentials, session tokens, or perform actions on behalf of users. Organizations using affected versions of these HCL collaboration platforms are at risk.

💻 Affected Systems

Products:
  • HCL Domino Volt
  • HCL Domino Leap
Versions: All versions prior to 1.0.1.6
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects web interfaces of these applications where query parameters are processed without proper validation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator credentials, compromise user accounts, exfiltrate sensitive data, or perform unauthorized actions within the application on behalf of authenticated users.

🟠

Likely Case

Attackers inject malicious scripts to steal user session cookies or credentials, potentially leading to account takeover and unauthorized access to sensitive information.

🟢

If Mitigated

With proper input validation and output encoding, the impact is limited to potential script execution in specific contexts, but user data remains protected.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the attacker to craft malicious URLs with script payloads in query parameters and trick users into visiting them.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.0.1.6

Vendor Advisory: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120722

Restart Required: Yes

Instructions:

1. Download HCL Domino Volt/Domino Leap version 1.0.1.6 or later from the HCL support portal.
2. Back up the current installation and data.
3. Stop the application services.
4. Apply the update following vendor instructions.
5. Restart services and verify functionality.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement server-side validation that allowlists the permitted URI schemes (for example http and https) for query parameters expected to carry links, and rejects values containing script content.

Content Security Policy

all

Implement strict CSP headers to prevent script execution from untrusted sources

Content-Security-Policy: default-src 'self'; script-src 'self'
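The input-validation workaround above hinges on the weakness named in the TL;DR: a URI scheme allowlist that is too permissive. The following is an added example, not code from HCL or from the advisory, of what such a server-side check looks like in generic Python: a query parameter that is expected to hold a link is accepted only if its scheme is http or https (or it is a site-relative path), control characters are stripped before parsing so scheme names cannot be split apart, and the value is HTML-escaped before it is written back into a page. The function names and the parameter context are assumptions for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Schemes a link parameter may carry. Everything else (javascript:, data:, vbscript:, ...) is rejected.
ALLOWED_SCHEMES = {"http", "https"}

# C0 control characters and DEL. Browsers silently drop some of these inside a scheme,
# so they must be removed before the scheme is inspected, not after.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def safe_link_param(value, max_len=2048):
    """Return the cleaned link if it passes the scheme allowlist, otherwise None.

    Hypothetical helper for a query parameter such as ?next=... that the
    application later reflects into an href.
    """
    if not isinstance(value, str) or len(value) > max_len:
        return None
    cleaned = CONTROL_CHARS.sub("", value).strip()
    if not cleaned:
        return None
    scheme = urlsplit(cleaned).scheme.lower()
    if scheme:
        # Absolute URL: allow only the listed schemes.
        return cleaned if scheme in ALLOWED_SCHEMES else None
    # No scheme: accept site-relative paths only. A value starting with "//"
    # is protocol-relative and would point at another host.
    if cleaned.startswith("/") and not cleaned.startswith("//"):
        return cleaned
    return None


def render_link(value, text="Continue"):
    """Build an anchor tag from an untrusted parameter, falling back to "/" on rejection.

    Output encoding (html.escape) is applied regardless of validation, so even an
    accepted URL cannot break out of the attribute context.
    """
    target = safe_link_param(value)
    if target is None:
        target = "/"  # never echo the rejected input back into the page
    return '<a href="%s">%s</a>' % (html.escape(target, quote=True), html.escape(text))


if __name__ == "__main__":
    # Constructed inputs for demonstration.
    for sample in ["https://example.com/app?view=1", "/dashboard", "//other.example/x", "javascript:alert(1)"]:
        print(repr(sample), "->", safe_link_param(sample))
```

Validation and encoding are deliberately separate steps: the allowlist decides whether a value may be used as a link at all, and the escaping guarantees the chosen value cannot alter the surrounding HTML. Dropping either one re-opens the class of bug this CVE describes.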

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block malicious query parameters containing script tags and JavaScript
  • Enable strict output encoding for all user-controlled data displayed in web interfaces

🔍 How to Verify

Check if Vulnerable:

Check application version via admin console or configuration files. Versions below 1.0.1.6 are vulnerable.

Check Version:

Check application.properties or the admin interface for version information.

Verify Fix Applied:

After patching, verify version shows 1.0.1.6 or higher and test query parameter handling with safe test payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual query parameters containing script tags or JavaScript code
  • Multiple failed attempts with encoded payloads in URLs

Network Indicators:

  • HTTP requests with suspicious query parameters containing script elements
  • Outbound connections to unknown domains following script execution

SIEM Query:

source="web_server" AND (uri_query="*<script*" OR uri_query="*javascript:*")
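The SIEM query above matches the raw query string, so a percent-encoded or double-encoded payload (the "encoded payloads" the log indicators mention) slips past it. As an added example, not part of the advisory, the Python below parses a few constructed access-log lines in Apache combined-style format, decodes each query parameter repeatedly until it stops changing, and then applies the same two indicators the query uses. The log format, paths and IP addresses are constructed for the demonstration and are not taken from HCL products.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Minimal combined-log pattern: client IP, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+$'
)

# Same indicators as the SIEM query, compared case-insensitively after decoding.
INDICATORS = ("<script", "javascript:")

# Constructed sample: one benign request, one plain-encoded, one upper-cased
# javascript: URI, one double-encoded script tag.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2023:10:01:02 +0000] "GET /app/launch?page=home HTTP/1.1" 200 5123
10.0.0.7 - - [12/Aug/2023:10:01:09 +0000] "GET /app/launch?page=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5123
10.0.0.9 - - [12/Aug/2023:10:02:15 +0000] "GET /app/open?next=JAVASCRIPT%3Aalert(1) HTTP/1.1" 302 0
10.0.0.11 - - [12/Aug/2023:10:03:00 +0000] "GET /app/open?next=%253Cscript%253E HTTP/1.1" 200 100
"""


def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so %253C -> %3C -> < is caught (bounded to avoid loops)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_requests(log_text):
    """Return one record per query parameter whose decoded value contains an indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than failing the whole run
        query = urlsplit(m.group("target")).query
        # parse_qsl performs one round of decoding; fully_decode handles the rest.
        for name, raw in parse_qsl(query, keep_blank_values=True):
            value = fully_decode(raw).lower()
            for indicator in INDICATORS:
                if indicator in value:
                    hits.append({"ip": m.group("ip"), "param": name, "indicator": indicator})
                    break  # one record per parameter is enough
    return hits


if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

Running this over real logs would produce false positives on legitimate content containing those substrings, so treat a hit as a trigger for review of the client and the target page, and correlate repeated hits from one source with the "multiple failed attempts" indicator listed above.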

🔗 References
