EUVD-2018-11961

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

IBM API Connect 5.0.0.0 has a cross-site scripting vulnerability allowing credential disclosure.

Reporter	Title	Published	Views	Family All 7
CNVD	IBM API Connect Cross-Site Scripting Vulnerability (CNVD-2018-03884)	9 Feb 201800:00	–	cnvd
CVE	CVE-2018-1382	7 Feb 201817:00	–	cve
Cvelist	CVE-2018-1382	7 Feb 201817:00	–	cvelist
IBM Security Bulletins	Security Bulletin: API Connect is affected by a cross-site scripting vulnerability CVE-2018-1382	15 Jun 201807:08	–	ibm
NVD	CVE-2018-1382	7 Feb 201817:29	–	nvd
OSV	CVE-2018-1382	7 Feb 201817:29	–	osv
Prion	Cross site scripting	7 Feb 201817:29	–	prion

[
  {
    "enisaIdVendor": [
      {
        "id": "297c8735-ab85-30f1-a42d-acaac7702d3c",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "09628711-a432-3f31-96d3-a9ec91c2dabe",
        "product": {
          "name": "API Connect"
        },
        "product_version": "5.0.8.0"
      },
      {
        "id": "0c553f1d-d124-3a35-8448-7367bbe9ecb6",
        "product": {
          "name": "API Connect"
        },
        "product_version": "5.0.6.4"
      },
      {
        "id": "0c6956ed-72c8-342f-afa9-aafef3e8f15f",
        "product": {
          "name": "API Connect"
        },
        "product_version": "5.0.7.0"
      },
      {
        "id": "148f40bd-4ccc-37ad-ac00-597a964a03d2",
        "product": {
          "name": "API Connect"
        },
        "product_version": "5.0.2.0"
      },
      {
        "id": "38c0f8ec-14fd-3e9c-b0df-0cad6b11f16e",
        "product": {
          "name": "API Connect"
        },
        "product_version": "5.0.4.0"
      },
      {
        "id": "4e40bb04-d268-318b-bc0f-ac4cfafbf939",
        "product": {
          "name": "API Connect"
        },
        "product_version": "5.0.6.2"
      },
      {
        "id": "58b2e172-1081-3b30-bbbf-e3896a0169b5",
        "product": {
          "name": "API Connect"
        },
        "product_version": "5.0.0.0"
      },
      {
        "id": "6e05a8f6-6046-3453-9c34-b8ce6edf032a",
        "product": {
          "name": "API Connect"
        },
        "product_version": "5.0.1.0"
      },
      {
        "id": "84bbcdc0-1ec2-318b-9c07-d8753ecd7696",
        "product": {
          "name": "API Connect"
        },
        "product_version": "5.0.7.2"
      },
      {
        "id": "9eaf0be5-984b-3306-8b52-d12a6ea08598",
        "product": {
          "name": "API Connect"
        },
        "product_version": "5.0.8.1"
      },
      {
        "id": "ab88d60a-cae9-3f46-8ffa-9b29d746625d",
        "product": {
          "name": "API Connect"
        },
        "product_version": "5.0.3.0"
      },
      {
        "id": "b9d91331-4356-347e-be2e-e124bd57fe7c",
        "product": {
          "name": "API Connect"
        },
        "product_version": "5.0.6.1"
      },
      {
        "id": "be22807b-4945-3a99-8423-b620885299a9",
        "product": {
          "name": "API Connect"
        },
        "product_version": "5.0.7.1"
      },
      {
        "id": "c4579005-3a97-3ca7-82f5-821938f07371",
        "product": {
          "name": "API Connect"
        },
        "product_version": "5.0.6.0"
      },
      {
        "id": "d4aacca5-db43-3d40-8c44-64017b9f44ba",
        "product": {
          "name": "API Connect"
        },
        "product_version": "5.0.6.3"
      },
      {
        "id": "f50e0f10-2fed-3255-8b72-f895c3b148b1",
        "product": {
          "name": "API Connect"
        },
        "product_version": "5.0.5.0"
      },
      {
        "id": "f64e3c49-a8f7-37b0-aefd-18cd7dbace53",
        "product": {
          "name": "API Connect"
        },
        "product_version": "5.0.0.1"
      }
    ]
  }
]

Source	Link
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/138079
ibm	www.ibm.com/support/docview.wss
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

5.5Medium risk

Vulners AI Score5.5

CVSS 35.4

CVSS 23.5

EPSS0.00198