IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages





is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field of an object to inject malicious script into an email which would be executed in a victim's mail client within the security context of the OpenPages mail message. An attacker could use this for phishing or identity theft attacks.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 15 Aug 2025 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:openpages_with_watson:8.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:*

Tue, 11 Mar 2025 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Ibm
Ibm openpages With Watson
Linux
Linux linux Kernel
Microsoft
Microsoft windows
Weaknesses CWE-79
CPEs cpe:2.3:a:ibm:openpages_with_watson:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm openpages With Watson
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Thu, 20 Feb 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 20 Feb 2025 12:15:00 +0000

Type Values Removed Values Added
Description IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field of an object to inject malicious script into an email which would be executed in a victim's mail client within the security context of the OpenPages mail message. An attacker could use this for phishing or identity theft attacks.
Title IBM OpenPages HTML injection
Weaknesses CWE-80
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2025-08-15T14:43:41.449Z

Reserved: 2024-10-14T12:05:13.491Z

Link: CVE-2024-49337

cve-icon Vulnrichment

Updated: 2025-02-20T14:01:26.481Z

cve-icon NVD

Status : Analyzed

Published: 2025-02-20T12:15:09.293

Modified: 2025-03-11T14:06:18.787

Link: CVE-2024-49337

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.