Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-q35w-g473-6c73

Опубликовано: 11 июн. 2025
Источник: github
Github: Не прошло ревью
CVSS3: 5.5

Описание

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Ссылки

EPSS

Процентиль: 4%
0.00018
Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2025-0917

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2025-0917

CVSS3: 5.5
nvd
8 месяцев назад

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

fstec логотип

BDU:2025-07710

CVSS3: 5.5
fstec
8 месяцев назад

Уязвимость веб-интерфейса онлайн-сервиса бизнес-аналитики IBM Cognos Analytics, позволяющая нарушителю выполнить произвольный JavaScript-код и раскрыть учетные данные

EPSS

Процентиль: 4%
0.00018
Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2025-0917

Дефекты

CWE-79