IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| Link | Resource |
|---|---|
| https://www.ibm.com/support/pages/node/7277801 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
06 Jul 2026, 13:24
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.ibm.com/support/pages/node/7277801 - Vendor Advisory | |
| First Time |
Ibm software Hub
Ibm Ibm watsonx.data Intelligence |
|
| CPE | cpe:2.3:a:ibm:watsonx.data_intelligence:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:software_hub:*:*:*:*:*:*:*:* |
30 Jun 2026, 21:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-30 21:16
Updated : 2026-07-06 13:24
NVD link : CVE-2025-36323
Mitre link : CVE-2025-36323
CVE.ORG link : CVE-2025-36323
JSON object : View
Products Affected
ibm
- watsonx.data_intelligence
- software_hub
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
