First published: Fri May 05 2023(Updated: )
IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Planning Analytics Local | =2.0.0 | |
IBM Planning Analytics | <=2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for IBM Planning Analytics Local is CVE-2023-28520.
The severity level of CVE-2023-28520 is medium.
The stored cross-site scripting vulnerability in IBM Planning Analytics Local allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session.
IBM Planning Analytics Local version 2.0.0 is affected by CVE-2023-28520.
To fix the stored cross-site scripting vulnerability in IBM Planning Analytics Local, upgrade to a version that is not vulnerable or apply the necessary patches and updates provided by IBM.