Cross-Site Scripting in IBM Watsonx.data Intelligence Products
CVE-2025-36323
5.4MEDIUM
What is CVE-2025-36323?
IBM watsonx.data intelligence versions 5.2.0 to 5.3.0 are susceptible to cross-site scripting, allowing authenticated users to inject arbitrary JavaScript code into the Web UI. This can modify its intended functionality and may lead to sensitive information disclosure within a trusted session. Proper vigilance and security measures are critical to mitigate risks associated with this vulnerability.
Affected Version(s)
watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0