CVE-2024-49337
published 2025-02-20CVE-2024-49337: IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages
is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field of an object to inject malicious script into an email which would be executed in a victim's mail client within the security context of the OpenPages mail message. An attacker could use this for phishing or identity theft attacks.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | openpages_with_watson | — | — |
| ibm | openpages_with_watson | — | — |
| ibm | openpages_with_watson | >= 8.3 < 8.3.0.3 | 8.3.0.3 |
| ibm | openpages_with_watson | >= 9.0 < 9.0.0.5 | 9.0.0.5 |