Refine your search
8 vulnerabilities found for openpages by ibm
CVE-2025-36223 (GCVE-0-2025-36223)
Vulnerability from nvd
Published
2025-11-12 21:04
Modified
2025-11-13 15:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
Summary
IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T15:03:44.665622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T15:03:56.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:openpages:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:openpages:9.1:*:*:*:*:*:*:*"
],
"product": "OpenPages",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.\u003c/p\u003e"
}
],
"value": "IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-644",
"description": "CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T21:04:45.915Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250239"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes A mitigation procedure has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.2 Download URL for 9.1.2 https://www.ibm.com/support/pages/downloading-ibm-openpages-version-912-passport-advantage For IBM OpenPages 9.0 - Apply\u00a09.0\u00a0FixPack 5 ( 9.0.0.5 ) - Then Apply 9.0.0.5 Interim Fix 7 ( 9.0.0.5.7 ) Download URL for 9.0.0.5 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 Download URL for 9.0.0.5.7 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-7 Please refer mitigation steps here: https://www.ibm.com/docs/en/openpages/9.1.x?topic=settings-configure-allowed-hostnames https://www.ibm.com/docs/en/openpages/9.0.0?topic=settings-configure-allowed-hostnames For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1 of the product.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes A mitigation procedure has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.2 Download URL for 9.1.2 https://www.ibm.com/support/pages/downloading-ibm-openpages-version-912-passport-advantage For IBM OpenPages 9.0 - Apply\u00a09.0\u00a0FixPack 5 ( 9.0.0.5 ) - Then Apply 9.0.0.5 Interim Fix 7 ( 9.0.0.5.7 ) Download URL for 9.0.0.5 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 Download URL for 9.0.0.5.7 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-7 Please refer mitigation steps here: https://www.ibm.com/docs/en/openpages/9.1.x?topic=settings-configure-allowed-hostnames https://www.ibm.com/docs/en/openpages/9.0.0?topic=settings-configure-allowed-hostnames For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1 of the product."
}
],
"title": "IBM OpenPages Host Header Injection",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36223",
"datePublished": "2025-11-12T21:04:45.915Z",
"dateReserved": "2025-04-15T21:16:41.802Z",
"dateUpdated": "2025-11-13T15:03:56.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-27368 (GCVE-0-2025-27368)
Vulnerability from nvd
Published
2025-11-12 19:11
Modified
2025-11-12 21:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Summary
IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. An authenticated user is able to obtain certain information about system metadata for areas beyond what the user is intended to view.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T20:45:34.221716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T21:03:57.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:openpages:9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:openpages:9.0:*:*:*:*:*:*:*"
],
"product": "OpenPages",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. An authenticated user is able to obtain certain information about system metadata for areas beyond what the user is intended to view.\u003c/p\u003e"
}
],
"value": "IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. An authenticated user is able to obtain certain information about system metadata for areas beyond what the user is intended to view."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T19:11:10.308Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250238"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.1 Download URL for 9.1.1 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://ibm.com/support/pages/downloading-ibm-openpages-version-911-passport-advantage\"\u003ehttp://ibm.com/support/pages/downloading-ibm-openpages-version-911-passport-advantage\u003c/a\u003e For IBM OpenPages 9.0 - Apply\u0026nbsp;9.0\u0026nbsp;FixPack 5 ( 9.0.0.5 ) - Then Apply 9.0.0.5 Interim Fix 7 ( 9.0.0.5.7 ) Download URL for 9.0.0.5 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5\"\u003ehttps://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5\u003c/a\u003e Download URL for 9.0.0.5.7 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-7\"\u003ehttps://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-7\u003c/a\u003e For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1 of the product.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.1 Download URL for 9.1.1 http://ibm.com/support/pages/downloading-ibm-openpages-version-911-passport-advantage For IBM OpenPages 9.0 - Apply\u00a09.0\u00a0FixPack 5 ( 9.0.0.5 ) - Then Apply 9.0.0.5 Interim Fix 7 ( 9.0.0.5.7 ) Download URL for 9.0.0.5 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 Download URL for 9.0.0.5.7 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-7 For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1 of the product."
}
],
"title": "IBM OpenPages Information Disclosure",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-27368",
"datePublished": "2025-11-12T19:11:10.308Z",
"dateReserved": "2025-02-22T15:25:27.069Z",
"dateUpdated": "2025-11-12T21:03:57.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-33110 (GCVE-0-2025-33110)
Vulnerability from nvd
Published
2025-11-06 20:43
Modified
2025-11-06 21:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33110",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T21:11:46.103708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:11:53.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:openpages_with_watson:9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "OpenPages",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site.\u003c/p\u003e"
}
],
"value": "IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T20:43:16.690Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250321"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.2 Download URL for 9.1.2 https://www.ibm.com/support/pages/downloading-ibm-openpages-version-912-passport-advantage For IBM OpenPages 9.0 - Apply\u00a09.0\u00a0FixPack 5 ( 9.0.0.5 ) - Then Apply 9.0.0.5 Interim Fix 7 ( 9.0.0.5.7 ) Download URL for 9.0.0.5 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 Download URL for 9.0.0.5.7 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-7 For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1 of the product.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.2 Download URL for 9.1.2 https://www.ibm.com/support/pages/downloading-ibm-openpages-version-912-passport-advantage For IBM OpenPages 9.0 - Apply\u00a09.0\u00a0FixPack 5 ( 9.0.0.5 ) - Then Apply 9.0.0.5 Interim Fix 7 ( 9.0.0.5.7 ) Download URL for 9.0.0.5 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 Download URL for 9.0.0.5.7 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-7 For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1 of the product."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM OpenPages Vulnerable to HTML Injection",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33110",
"datePublished": "2025-11-06T20:43:16.690Z",
"dateReserved": "2025-04-15T17:50:49.744Z",
"dateUpdated": "2025-11-06T21:11:53.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36121 (GCVE-0-2025-36121)
Vulnerability from nvd
Published
2025-10-27 14:56
Modified
2025-10-27 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:17:32.366645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:56:03.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:openpages:9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:openpages:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "OpenPages",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1",
"versionType": "semver"
},
{
"status": "affected",
"version": "9.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site.\u003c/p\u003e"
}
],
"value": "IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T18:51:26.399Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7248932"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Affected endpoint have been updated to sanitise input parameters to align with security best practices. A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.2 Download URL for 9.1.2 https://www.ibm.com/support/pages/downloading-ibm-openpages-version-912-passport-advantage For IBM OpenPages 9.0 - Apply 9.0 FixPack 5 (9.0.0.5) - Then Apply 9.0.05 Interim Fix 5 ( 9.0.0.5.6 ) Download URL for 9.0.0.5 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 Download URL for 9.0.0.5.6 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-6 For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1.2 of the product.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Affected endpoint have been updated to sanitise input parameters to align with security best practices. A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.2 Download URL for 9.1.2 https://www.ibm.com/support/pages/downloading-ibm-openpages-version-912-passport-advantage For IBM OpenPages 9.0 - Apply 9.0 FixPack 5 (9.0.0.5) - Then Apply 9.0.05 Interim Fix 5 ( 9.0.0.5.6 ) Download URL for 9.0.0.5 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 Download URL for 9.0.0.5.6 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-6 For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1.2 of the product."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTML Injection Vulnerability in a Specific URL Endpoint of the IBM OpenPages Application",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36121",
"datePublished": "2025-10-27T14:56:07.466Z",
"dateReserved": "2025-04-15T21:16:18.171Z",
"dateUpdated": "2025-10-27T18:51:26.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36223 (GCVE-0-2025-36223)
Vulnerability from cvelistv5
Published
2025-11-12 21:04
Modified
2025-11-13 15:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
Summary
IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T15:03:44.665622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T15:03:56.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:openpages:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:openpages:9.1:*:*:*:*:*:*:*"
],
"product": "OpenPages",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.\u003c/p\u003e"
}
],
"value": "IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-644",
"description": "CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T21:04:45.915Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250239"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes A mitigation procedure has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.2 Download URL for 9.1.2 https://www.ibm.com/support/pages/downloading-ibm-openpages-version-912-passport-advantage For IBM OpenPages 9.0 - Apply\u00a09.0\u00a0FixPack 5 ( 9.0.0.5 ) - Then Apply 9.0.0.5 Interim Fix 7 ( 9.0.0.5.7 ) Download URL for 9.0.0.5 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 Download URL for 9.0.0.5.7 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-7 Please refer mitigation steps here: https://www.ibm.com/docs/en/openpages/9.1.x?topic=settings-configure-allowed-hostnames https://www.ibm.com/docs/en/openpages/9.0.0?topic=settings-configure-allowed-hostnames For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1 of the product.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes A mitigation procedure has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.2 Download URL for 9.1.2 https://www.ibm.com/support/pages/downloading-ibm-openpages-version-912-passport-advantage For IBM OpenPages 9.0 - Apply\u00a09.0\u00a0FixPack 5 ( 9.0.0.5 ) - Then Apply 9.0.0.5 Interim Fix 7 ( 9.0.0.5.7 ) Download URL for 9.0.0.5 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 Download URL for 9.0.0.5.7 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-7 Please refer mitigation steps here: https://www.ibm.com/docs/en/openpages/9.1.x?topic=settings-configure-allowed-hostnames https://www.ibm.com/docs/en/openpages/9.0.0?topic=settings-configure-allowed-hostnames For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1 of the product."
}
],
"title": "IBM OpenPages Host Header Injection",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36223",
"datePublished": "2025-11-12T21:04:45.915Z",
"dateReserved": "2025-04-15T21:16:41.802Z",
"dateUpdated": "2025-11-13T15:03:56.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-27368 (GCVE-0-2025-27368)
Vulnerability from cvelistv5
Published
2025-11-12 19:11
Modified
2025-11-12 21:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Summary
IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. An authenticated user is able to obtain certain information about system metadata for areas beyond what the user is intended to view.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T20:45:34.221716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T21:03:57.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:openpages:9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:openpages:9.0:*:*:*:*:*:*:*"
],
"product": "OpenPages",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. An authenticated user is able to obtain certain information about system metadata for areas beyond what the user is intended to view.\u003c/p\u003e"
}
],
"value": "IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. An authenticated user is able to obtain certain information about system metadata for areas beyond what the user is intended to view."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T19:11:10.308Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250238"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.1 Download URL for 9.1.1 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://ibm.com/support/pages/downloading-ibm-openpages-version-911-passport-advantage\"\u003ehttp://ibm.com/support/pages/downloading-ibm-openpages-version-911-passport-advantage\u003c/a\u003e For IBM OpenPages 9.0 - Apply\u0026nbsp;9.0\u0026nbsp;FixPack 5 ( 9.0.0.5 ) - Then Apply 9.0.0.5 Interim Fix 7 ( 9.0.0.5.7 ) Download URL for 9.0.0.5 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5\"\u003ehttps://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5\u003c/a\u003e Download URL for 9.0.0.5.7 \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-7\"\u003ehttps://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-7\u003c/a\u003e For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1 of the product.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.1 Download URL for 9.1.1 http://ibm.com/support/pages/downloading-ibm-openpages-version-911-passport-advantage For IBM OpenPages 9.0 - Apply\u00a09.0\u00a0FixPack 5 ( 9.0.0.5 ) - Then Apply 9.0.0.5 Interim Fix 7 ( 9.0.0.5.7 ) Download URL for 9.0.0.5 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 Download URL for 9.0.0.5.7 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-7 For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1 of the product."
}
],
"title": "IBM OpenPages Information Disclosure",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-27368",
"datePublished": "2025-11-12T19:11:10.308Z",
"dateReserved": "2025-02-22T15:25:27.069Z",
"dateUpdated": "2025-11-12T21:03:57.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-33110 (GCVE-0-2025-33110)
Vulnerability from cvelistv5
Published
2025-11-06 20:43
Modified
2025-11-06 21:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33110",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T21:11:46.103708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:11:53.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:openpages_with_watson:9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "OpenPages",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site.\u003c/p\u003e"
}
],
"value": "IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T20:43:16.690Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250321"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.2 Download URL for 9.1.2 https://www.ibm.com/support/pages/downloading-ibm-openpages-version-912-passport-advantage For IBM OpenPages 9.0 - Apply\u00a09.0\u00a0FixPack 5 ( 9.0.0.5 ) - Then Apply 9.0.0.5 Interim Fix 7 ( 9.0.0.5.7 ) Download URL for 9.0.0.5 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 Download URL for 9.0.0.5.7 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-7 For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1 of the product.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.2 Download URL for 9.1.2 https://www.ibm.com/support/pages/downloading-ibm-openpages-version-912-passport-advantage For IBM OpenPages 9.0 - Apply\u00a09.0\u00a0FixPack 5 ( 9.0.0.5 ) - Then Apply 9.0.0.5 Interim Fix 7 ( 9.0.0.5.7 ) Download URL for 9.0.0.5 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 Download URL for 9.0.0.5.7 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-7 For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1 of the product."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM OpenPages Vulnerable to HTML Injection",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33110",
"datePublished": "2025-11-06T20:43:16.690Z",
"dateReserved": "2025-04-15T17:50:49.744Z",
"dateUpdated": "2025-11-06T21:11:53.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36121 (GCVE-0-2025-36121)
Vulnerability from cvelistv5
Published
2025-10-27 14:56
Modified
2025-10-27 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:17:32.366645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:56:03.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:openpages:9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:openpages:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "OpenPages",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1",
"versionType": "semver"
},
{
"status": "affected",
"version": "9.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site.\u003c/p\u003e"
}
],
"value": "IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T18:51:26.399Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7248932"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Affected endpoint have been updated to sanitise input parameters to align with security best practices. A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.2 Download URL for 9.1.2 https://www.ibm.com/support/pages/downloading-ibm-openpages-version-912-passport-advantage For IBM OpenPages 9.0 - Apply 9.0 FixPack 5 (9.0.0.5) - Then Apply 9.0.05 Interim Fix 5 ( 9.0.0.5.6 ) Download URL for 9.0.0.5 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 Download URL for 9.0.0.5.6 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-6 For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1.2 of the product.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Affected endpoint have been updated to sanitise input parameters to align with security best practices. A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.2 Download URL for 9.1.2 https://www.ibm.com/support/pages/downloading-ibm-openpages-version-912-passport-advantage For IBM OpenPages 9.0 - Apply 9.0 FixPack 5 (9.0.0.5) - Then Apply 9.0.05 Interim Fix 5 ( 9.0.0.5.6 ) Download URL for 9.0.0.5 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 Download URL for 9.0.0.5.6 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-6 For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1.2 of the product."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTML Injection Vulnerability in a Specific URL Endpoint of the IBM OpenPages Application",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36121",
"datePublished": "2025-10-27T14:56:07.466Z",
"dateReserved": "2025-04-15T21:16:18.171Z",
"dateUpdated": "2025-10-27T18:51:26.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}