CVE-2022-42449 MEDIUM

CVE-2022-42449: HCL Domino Volt is affected by an unrestricted upload of a dangerous file type

Vendor Hcl Software
Product HCL Domino Volt
Weakness CWE-434 · Unrestricted file upload
Published April 30, 2025
Last update May 1, 2025

CVSS base score

4.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications

Key dates

02Disclosure timeline

April 30, 2025 CVE published
May 1, 2025 Record updated