IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field of an object to inject malicious script into an email which would be executed in a victim's mail client within the security context of the OpenPages mail message. An attacker could use this for phishing or identity theft attacks.
2025-02-20T12:15:09.293
2025-03-11T14:06:18.787
Analyzed
CVSSv3.1: 5.4 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ibm | openpages_with_watson | < 8.3.0.3 | Yes |
| Application | ibm | openpages_with_watson | < 9.0.0.5 | Yes |
| Operating System | linux | linux_kernel | - | No |
| Operating System | microsoft | windows | - | No |