IBM Jazz Foundation cross-site scripting_CVE-2025-1826

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Basic Information

ID CVE-2025-1826

Source ibm

Published Oct 7, 2025 at 17:50

Modified Oct 7, 2025 at 18:15

Affected Product

Vendor IBM

Product Jazz Foundation

Version 7.0.2

Affected Versions IBM Jazz Foundation 7.0.2
IBM Jazz Foundation 7.0.3
IBM Jazz Foundation 7.1.0

CWE Classification

CWE-79

References

www.ibm.com /support/pages/node/7247292

{
    "lastseen": "",
    "description": "IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034,\u00a07.0.3 to 7.0.3 iFix016, and\u00a07.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",
    "published": "2025-10-07T17:50:00.512Z",
    "modified": "2025-10-07T18:15:35.175Z",
    "type": "cve",
    "title": "IBM Jazz Foundation cross-site scripting",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7247292",
    "id": "CVE-2025-1826",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "IBM Jazz Foundation 7.0.2\nIBM Jazz Foundation 7.0.3\nIBM Jazz Foundation 7.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Jazz Foundation",
    "version": "7.0.2",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}