CVE-2024-49337

CWE-80CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.1%
top 68.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Openpages With Watson
Timeline
PublishedFeb 20

Description

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field of an object to inject malicious script into an email which would be executed in a victim's mail client within the security context of the OpenPages mail message. An attacker could use this for phishi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDibm/openpages_with_watson8.38.3.0.3+1
CVEListV5ibm/openpages_with_watson8.3, 9.0+1

🔴Vulnerability Details

2
CVEList
IBM OpenPages HTML injection2025-02-20
GHSA
GHSA-c348-367f-c282: IBM OpenPages with Watson 82025-02-20
CVE-2024-49337 (MEDIUM CVSS 5.4) | IBM OpenPages with Watson 8.3 and 9 | cvebase.io