CVE-2025-1826

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.0%
top 94.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Jazz Foundation
Timeline
PublishedOct 7

Description

IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

CVEListV5ibm/jazz_foundation7.0.27.0.2 iFix034+2
NVDibm/jazz_foundation7.0.2, 7.0.3, 7.1.0+2

Patches

Patch: www.ibm.com

🔴Vulnerability Details

2
CVEList
IBM Jazz Foundation cross-site scripting2025-10-07
GHSA
GHSA-vf5g-mrcg-m69p: IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 72025-10-07
CVE-2025-1826 (MEDIUM CVSS 5.4) | IBM Engineering Requirements Manage | cvebase.io