CVE-2024-28776
published 2025-02-19CVE-2024-28776: IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0
is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | cognos_controller | >= 11.0.0 < 11.0.1.4 | 11.0.1.4 |
| ibm | cognos_controller | 11.0.0 – 11.0.1 | — |
| ibm | controller | — | — |