Description
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Published: 2026-06-30
Score: 5.7 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A remote attacker can inject malicious HTML into an IBM watsonx.data intelligence instance, resulting in code that runs in the victim's web browser within the security context of the hosting site. The vulnerability allows the attacker to execute arbitrary client‑side code, which can modify the displayed page or trick the user into unintended actions. The impact is limited to the victim’s browser and does not directly compromise the server.

Affected Systems

IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 are affected.

Risk and Exploitability

The vulnerability carries a CVSS score of 5.7, indicating moderate severity. The EPSS score is not available, and the issue is not listed in the CISA KEV catalog. The path to exploitation is likely remote, requiring the attacker to supply malicious HTML that the application stores or renders without proper sanitization.

Generated by OpenCVE AI on June 30, 2026 at 23:32 UTC.

Remediation

Vendor Solution

| Affected product | Fixed in release | Instructions |
| --- | --- | --- |
| IBM watsonx.data intelligence 5.2.0 - 5.3.0 | 5.3.1 | https://www.ibm.com/docs/en/watsonx/wdi/2.3.x?topic=new-watsonxdata-intelligence IBM strongly advises upgrading as soon as possible |


OpenCVE Recommended Actions

  • Install IBM watsonx.data intelligence release 5.3.1 or later, which contains the official fix
  • Ensure that any user‑supplied content displayed in the interface is properly encoded or filtered, preventing non‑sanitized HTML from being rendered
  • Conduct a review of existing data and logs to remove any previously injected malicious code and verify that no residual vulnerabilities remain



Advisories

No advisories yet.

History

Tue, 30 Jun 2026 21:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. |
| Title | | Vulnerabilities found in Watson Data Intelligence |
| First Time appeared | | Ibm; Ibm watsonxdata Intelligence |
| Weaknesses | | CWE-80 |
| CPEs | | cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:* |
| Vendors & Products | | Ibm; Ibm watsonxdata Intelligence |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-30T20:19:53.940Z

Reserved: 2025-04-15T21:16:51.461Z

Link: CVE-2025-36321

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T23:45:05Z

Weaknesses
  • CWE-80

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)