CVE-2025-3633
Awaiting Analysis
Awaiting Analysis - Queue
Cross-Site Scripting (XSS) in IBM Cognos Analytics and Transformer
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: IBM Corporation
Description
Description
IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended functionality and could lead to the disclosure of credentials within a trusted session.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | cognos_analytics | 11.2.0 |
| ibm | cognos_analytics | 11.2.4 |
| ibm | cognos_analytics | 12.0 |
| ibm | cognos_analytics | 12.1.0 |
| ibm | cognos_transformer | 11.2.4 |
| ibm | cognos_transformer | 12.0 |
| ibm | cognos_transformer | 12.1.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70