IBM Cloud Pak for Applications Cross-Site Scripting Vulnerability (CNVD-2022-05120)

IBM Cloud Pak for Automation is an intelligent software platform used to build automation applications in cloud environments from IBM USA. The platform uses pre-integrated automation technologies and low-code tools to design, build, and run automation applications and services on any cloud.A cross-site scripting vulnerability exists in IBM Cloud Pak for Applications, which stems from the fact that Cloud Pak for Applications allows users to embed arbitrary JavaScript code to change the intended functionality. An attacker could exploit the vulnerability to cause exposure of credentials in a trusted session.