3 matches found
Security Bulletin: IBM Cloud Pak for Data is vulnerable to cross-site scripting (CVE-2025-0719)
Summary IBM Cloud Pak for Data is vulnerable to cross-site scripting. A reflected cross-site scripting XSS vulnerability has been identified on the /error endpoint, specifically with the 'error' parameter. This vulnerability allows an attacker to inject JavaScript code, which will be executed whe...
CVE-2025-0719 IBM Cloud Pak for Data cross-site scripting
IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste...
CVE-2025-0719
CVE-2025-0719 affects IBM Cloud Pak for Data (versions 4.0.0–4.8.5 and 5.0.0). The IBM advisory describes a reflected cross-site scripting (XSS) vulnerability on the /error endpoint, where an unauthenticated attacker can inject JavaScript via the error parameter, potentially leading to credential...