The software fails to adequately filter user-controlled input data for syntax that has control-plane implications. Software has certain assumptions about what constitutes data and control respectively. It is the lack of verification of these assumptions for user-controlled input that leads to injection problems. In this case the page could be modified to include a misleading message to the victim which could subject them to further compromise.
CVEID: CVE-2018-1733
**Description:**IBM QRadar fails to adequately filter user-controlled input data for syntax that has control-plane implications which could allow an attacker to modify displayed content.
**CVSS Base Score:**5.3
**CVSS Temporal Score:**For the current score, see _ <https://exchange.xforce.ibmcloud.com/vulnerabilities/147811> _
**CVSS Environmental Score:***Undefined
**CVSS Vector:**CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
None