Cross-Site Scripting Vulnerability in IBM Planning Analytics Software
CVE-2025-2896

4.8MEDIUM

Key Information:

Vendor: IBM
Status: Planning Analytics Local
Vendor: CVE Published:; 1 June 2025

What is CVE-2025-2896?

IBM Planning Analytics Local versions 2.0 and 2.1 are susceptible to Cross-Site Scripting (XSS) attacks, allowing authenticated users to inject arbitrary JavaScript into the Web UI. This vulnerability can potentially modify the application's intended functionality and may lead to the unauthorized disclosure of user credentials within a trusted session.

Affected Version(s)

Planning Analytics Local 2.0

Planning Analytics Local 2.1

References

https://www.ibm.com/support/pages/node/7235182

vendor-advisorypatch

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 1, 2025
Vulnerability Reserved
Mar 28, 2025

JSON