Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-1826

Опубликовано: 07 окт. 2025
Источник: nvd
CVSS3: 5.4
EPSS Низкий

Описание

IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:jazz_foundation:7.0.2:-:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix001:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix002:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix003:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix004:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix005:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix006:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix007:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix008a:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix009:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix010:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix011:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix012:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix013:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix014:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix016:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix017:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix018:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix020a:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix021:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix022:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix023:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix024:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix025:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix026a:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix027:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix028:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix029:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix030:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix031:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix032:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix034:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:-:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix001:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix002:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix003:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix004:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix005:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix006:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix007:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix008:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix009:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix010:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix011:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix013:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix014:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix015:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix016:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.1.0:-:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix001:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix003:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix004:*:*:*:*:*:*

EPSS

Процентиль: 15%
0.00049
Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

github логотип

GHSA-vf5g-mrcg-m69p

CVSS3: 5.4
github
4 месяца назад

IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

fstec логотип

BDU:2025-16252

CVSS3: 5.4
fstec
4 месяца назад

Уязвимость программного обеспечения для управления требованиями IBM Engineering Requirements Management DOORS Next, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 15%
0.00049
Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79