Description
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Published: 2026-06-30
Score: 6.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, and 5.3.0 are vulnerable to stored cross-site scripting. An authenticated user can embed arbitrary JavaScript in the web interface, altering its intended functionality and potentially exposing credentials within a trusted session. The weakness is improper neutralization of user-supplied input during web page generation (CWE-79), which creates both an information-disclosure and a content-manipulation risk.

Affected Systems

The affected product is IBM watsonx.data intelligence. Versions 5.2.0 through 5.3.0 are impacted, and the fix is released in IBM watsonx.data intelligence 5.3.1 or later.

Risk and Exploitability

The CVSS score is 6.4 (Medium). No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. The CVSS vector describes a network-reachable, low-complexity attack that requires low privileges (PR:L) and no user interaction. Because the attacker must be authenticated, compromised user credentials or privileged access can be abused to exploit the stored XSS flaw.

Generated by OpenCVE AI on June 30, 2026 at 22:26 UTC.

Remediation

Vendor Solution

Affected product: IBM watsonx.data intelligence 5.2.0 - 5.3.0
Fixed in release: 5.3.1
Instructions: https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence

IBM strongly advises upgrading as soon as possible.


OpenCVE Recommended Actions

  • Upgrade IBM watsonx.data intelligence to version 5.3.1 or later according to the vendor’s release instructions.
  • Restrict access to the Web UI so that only trusted, verified users can log in, minimizing exposure of the stored script vector.
  • Deploy a Web Application Firewall or similar filtering layer to block malicious JavaScript payloads injected into the interface.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 21:00:00 +0000

Type | Values Removed | Values Added
Description | | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Title | | Vulnerabilities found in Watson Data Intelligence
First Time appeared | | Ibm; Ibm watsonxdata Intelligence
Weaknesses | | CWE-79
CPEs | | cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
Vendors & Products | | Ibm; Ibm watsonxdata Intelligence
References | |
Metrics | | cvssV3_1: {'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-30T20:22:12.916Z

Reserved: 2025-04-15T21:16:51.461Z

Link: CVE-2025-36320

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T22:30:06Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')