HTML Injection Vulnerability in a Specific URL Endpoint of the...

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

Basic Information

ID CVE-2025-36121

Source ibm

Published Oct 27, 2025 at 14:56

Modified Oct 27, 2025 at 18:51

Affected Product

Vendor IBM

Product OpenPages

Version 9.1

Affected Versions IBM OpenPages 9.1
IBM OpenPages 9.0

CWE Classification

CWE-80

References

www.ibm.com /support/pages/node/7248932

{
    "lastseen": "",
    "description": "IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.",
    "published": "2025-10-27T14:56:07.466Z",
    "modified": "2025-10-27T18:51:26.399Z",
    "type": "cve",
    "title": "HTML Injection Vulnerability in a Specific URL Endpoint of the IBM OpenPages Application",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7248932",
    "id": "CVE-2025-36121",
    "bulletinFamily": "",
    "cwe": [
        "CWE-80"
    ],
    "cvelist": null,
    "sourceData": "IBM OpenPages 9.1\nIBM OpenPages 9.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OpenPages",
    "version": "9.1",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HTML Injection Vulnerability in a Specific URL Endpoint of the IBM OpenPages Application_CVE-2025-36121