CVE-2025-2896 — Cross-site Scripting in IBM Planning Analytics Local

CWE-79 — Cross-site Scripting CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

5.4MEDIUMNVD

CNA4.8

EPSS

0.1%

top 72.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Planning Analytics Local

Timeline

PublishedJun 1

Description

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5ibm/planning_analytics_local2.0, 2.1+1

▶NVDibm/planning_analytics_local2.0.0, 2.1.0+1

🔴Vulnerability Details

CVEList

IBM Planning Analytics Local cross-site scripting↗2025-06-01

▶

GHSA

GHSA-3qr2-2p78-j25q: IBM Planning Analytics Local 2↗2025-06-01

▶

📋Vendor Advisories

Red Hat

kernel: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()↗2025-04-16

▶