CVE-2025-36323
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
Cross-site scripting vulnerability in IBM watsonx.data intelligence allows an authenticated user to embed arbitrary JavaScript code in the Web UI, potentially leading to credential disclosure within a trusted session.
Risk Assessment
The risk involves potential theft of administrator or other privileged user credentials through malicious script execution in the victim's browser.
Recommendation
Immediately update to the latest version of IBM watsonx.data intelligence and implement input/output filtering for user data in the web interface.
Original NVD description (English source)
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

