CVE-2023-38007Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in IBM Cloud PAK System

CWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.0%
top 89.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cloud PAK System
Timeline
PublishedJun 27

Description

IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

CVEListV5ibm/cloud_pak_system8 versions+7
NVDibm/cloud_pak_system5 versions+4

🔴Vulnerability Details

2
CVEList
IBM Cloud Pak System HTML injection2025-06-27
GHSA
GHSA-gc29-jc84-4r2v: IBM Cloud Pak System 22025-06-27
CVE-2023-38007 — IBM Cloud PAK System vulnerability | cvebase