Description
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Published: 2026-06-22
Score: 6.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

IBM Datacap and Datacap Navigator versions 9.1.7 through 9.1.9 contain a cross‑site scripting flaw. The flaw enables an unauthenticated attacker to inject JavaScript into the Web UI. If successful, the attacker can manipulate the UI, potentially causing credential disclosure within the user’s trusted session. This issue is documented as CWE‑79.

Affected Systems

Affected products are IBM Datacap and IBM Datacap Navigator for all builds 9.1.7, 9.1.8, and 9.1.9. The vulnerability is present in the Web UI component of both products.

Risk and Exploitability

The CVSS score of 6.1 indicates moderate severity. No EPSS score is published, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is remote, requiring network access to the Web UI. An unauthenticated attacker can send a crafted request that results in script execution in the victim’s browser, leading to potential credential theft or other malicious actions.

Generated by OpenCVE AI on June 22, 2026 at 16:30 UTC.

Remediation

Vendor Solution

IBM strongly suggests that you address the vulnerabilities now for all affected products/versions listed above by installing IBM Datacap 9.1.9 Interim Fix 008

OpenCVE Recommended Actions

  • Upgrade IBM Datacap and Datacap Navigator to version 9.1.9 Interim Fix 008, which removes the XSS flaw.
  • Apply proper output encoding or input sanitization to all user‑supplied data displayed in the Web UI to mitigate code injection (CWE‑79).
  • Limit exposure of the Web UI to authenticated users and use network segmentation or a web application firewall to block malicious scripting payloads.

Generated by OpenCVE AI on June 22, 2026 at 16:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 22 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Title Multiple Vulnerabilities in IBM Datacap
First Time appeared Ibm
Ibm datacap
Ibm datacap Navigator
Weaknesses CWE-79
CPEs cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:datacap_navigator:9.1.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:datacap_navigator:9.1.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:datacap_navigator:9.1.9:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm datacap
Ibm datacap Navigator
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

Ibm Datacap Datacap Navigator
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-22T17:47:36.160Z

Reserved: 2026-05-06T21:28:44.850Z

Link: CVE-2026-8059

cve-icon Vulnrichment

Updated: 2026-06-22T17:47:31.657Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-22T17:45:05Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')