Cross-Site Scripting Vulnerability in IBM Planning Analytics Software
CVE-2025-2896

4.8MEDIUM

Key Information:

Vendor

IBM
Status
Planning Analytics Local
Vendor
CVE Published:
1 June 2025

What is CVE-2025-2896?

IBM Planning Analytics Local versions 2.0 and 2.1 are susceptible to Cross-Site Scripting (XSS) attacks, allowing authenticated users to inject arbitrary JavaScript into the Web UI. This vulnerability can potentially modify the application's intended functionality and may lead to the unauthorized disclosure of user credentials within a trusted session.

Affected Version(s)

Planning Analytics Local 2.0, 2.1

References

https://www.ibm.com/support/pages/node/7235182
vendor-advisory

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-2896 : Cross-Site Scripting Vulnerability in IBM Planning Analytics Software