Impact
A remote attacker can inject malicious HTML into an IBM watsonx.data intelligence instance, resulting in code that runs in the victim's web browser within the security context of the hosting site. The vulnerability allows the attacker to execute arbitrary client‑side code, which can modify the displayed page or trick the user into unintended actions. The impact is limited to the victim’s browser and does not directly compromise the server.
Affected Systems
IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 are affected.
Risk and Exploitability
The vulnerability carries a CVSS score of 5.7, indicating moderate severity. The EPSS score is not available, and the issue is not listed in the CISA KEV catalog. The path to exploitation is likely remote, requiring the attacker to supply malicious HTML that the application stores or renders without proper sanitization.