CVE-2023-37539
📋 TL;DR
The Domino Catalog template has a stored XSS vulnerability that allows attackers with document editing permissions to inject malicious scripts. When users click on manipulated content, their browsers execute attacker-controlled code. This affects organizations using HCL Domino applications built with the vulnerable template.
💻 Affected Systems
- HCL Domino
📦 What is this software?
Domino by Hcltech
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, credentials, or sensitive data from authenticated users, potentially leading to account takeover, data breaches, or lateral movement within the network.
Likely Case
Attackers with legitimate editing access could target specific users to steal their credentials or session tokens, enabling unauthorized access to the Domino application.
If Mitigated
With proper input validation and output encoding, the risk is limited to users who click on malicious links, but impact would be contained to individual sessions.
🎯 Exploit Status
Requires authenticated access with document editing permissions. Attack is triggered when users click on malicious content.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Domino 12.0.2 FP1, 11.0.1 FP6, 10.0.1 FP10
Vendor Advisory: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113715
Restart Required: Yes
Instructions:
1. Download and install the appropriate fix pack from HCL Support.
2. Apply the fix to all affected Domino servers.
3. Restart the Domino server service.
4. Update any affected catalog databases.
🔧 Temporary Workarounds
Input Validation and Output Encoding
Implement server-side input validation and output encoding for all user-controllable fields in catalog applications.
Content Security Policy
Implement Content Security Policy headers to restrict script execution sources.
🧯 If You Can't Patch
- Restrict document editing permissions to trusted users only
- Implement web application firewall rules to detect and block XSS payloads
🔍 How to Verify
Check if Vulnerable:
Check if you're using Domino Catalog template applications and verify your Domino version against affected versions.
Check Version:
On Domino server console: show server
Verify Fix Applied:
After patching, verify the Domino version shows the fixed version and test catalog applications for XSS vulnerabilities.
📡 Detection & Monitoring
Log Indicators:
- Unusual document edits in catalog databases
- Multiple failed login attempts followed by document modifications
Network Indicators:
- HTTP requests containing suspicious script tags or JavaScript payloads to catalog applications
SIEM Query:
source="domino.log" AND ("catalog" OR "edit") AND ("script" OR "javascript" OR "onclick")
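The SIEM query above is keyword matching, so it is worth seeing what it catches and what it misses. The following is an added example (not from the advisory or from HCL) that applies the same boolean logic to constructed, generic web-log-style lines; the log format, hostnames and payloads are assumptions for illustration, not the real Domino log layout. It also URL-decodes each line first, because a percent-encoded payload can slip past a plain substring match, and it shows that a benign page name containing "javascript" still triggers the rule, so hits need triage.

```python
from urllib.parse import unquote

# Constructed sample lines (generic web-log style, NOT the real Domino log format).
SAMPLE_LOG = [
    '10.0.0.5 - alice [2023-09-01 10:00:01] "GET /catalog.nsf/doc?OpenDocument" 200',
    # Plain stored-XSS style payload submitted through a document edit.
    '10.0.0.7 - bob [2023-09-01 10:02:14] "POST /catalog.nsf/doc?EditDocument" 200 '
    'body="Title=<script>alert(1)</script>"',
    # Same payload with one letter percent-encoded: invisible to raw substring matching.
    '10.0.0.7 - bob [2023-09-01 10:03:30] "POST /catalog.nsf/doc?EditDocument" 200 '
    'body="Title=%3Cs%63ript%3E"',
    # Benign read of a page whose name happens to contain "javascript": a false positive.
    '10.0.0.9 - carol [2023-09-01 10:05:00] "GET /catalog.nsf/docs/javascript_tips?OpenDocument" 200',
]

# Terms from the advisory's query: ("catalog" OR "edit") AND ("script" OR "javascript" OR "onclick")
CONTEXT_TERMS = ("catalog", "edit")
PAYLOAD_TERMS = ("script", "javascript", "onclick")


def matches_siem_query(line: str, decode: bool = True) -> bool:
    """Return True if the line satisfies the advisory's SIEM query logic.

    With decode=True the line is URL-decoded before matching so that
    percent-encoded payloads are normalised the same way a browser would
    decode them; decode=False reproduces a naive raw-text match.
    """
    text = unquote(line) if decode else line
    text = text.lower()  # the query terms are matched case-insensitively
    has_context = any(term in text for term in CONTEXT_TERMS)
    has_payload = any(term in text for term in PAYLOAD_TERMS)
    return has_context and has_payload


def scan(lines, decode: bool = True):
    """Return the subset of lines that the query would surface for analyst triage."""
    return [line for line in lines if matches_siem_query(line, decode)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("HIT:", hit)
```

Expect three hits on the sample: the two edit requests and the benign "javascript_tips" read, which is why a rule like this should be paired with review of the actual document edit rather than treated as a confirmed attack.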