CVE Catalog

CVE-2026-8059

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 are vulnerable to cross-site scripting (XSS). An unauthenticated attacker can embed arbitrary JavaScript code in the Web UI, altering intended functionality and potentially leading to credential disclosure within a trusted session.

Risk Assessment

The risk for the organization includes potential theft of user credentials and session hijacking, which may lead to unauthorized access to sensitive data and systems.

Recommendation

It is recommended to immediately apply security patches provided by IBM for affected versions and implement input filtering and output encoding mechanisms in web applications.

Original NVD description (English source)

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS