CVE-2024-41752 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in IBM Cognos Analytics

CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

CNA5.4

EPSS

0.1%

top 81.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cognos Analytics

Timeline

PublishedDec 18

Description

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5ibm/cognos_analytics11.2.0 — 11.2.4+1

▶NVDibm/cognos_analytics11.2.0 — 11.2.4+1

🔴Vulnerability Details

GHSA

GHSA-wr5h-38pc-5qx7: IBM Cognos Analytics 11↗2024-12-18

▶

CVEList

IBM Cognos Analytics HTML injection↗2024-12-18

▶