CVE-2024-41746

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.2%
top 56.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Cics TX AdvancedIBM Cics TX StandardIBM Cics TX
Timeline
PublishedJan 16

Description

IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.7

Affected Packages3 packages

CVEListV5ibm/cics_tx_advanced10.1, 11.1
CVEListV5ibm/cics_tx_standard11.1
NVDibm/cics_tx10.1, 11.1.0.0+1

🔴Vulnerability Details

2
GHSA
GHSA-fhcf-5gx2-w6p5: IBM CICS TX Advanced 102025-01-16
CVEList
IBM CICS TX cross-site scripting2025-01-16