CVE-2026-11372
Status: Awaiting Analysis - Queue
Cross-Site Scripting in IBM TRIRIGA Application Platform

Publication date: 2026-06-22

Last updated on: 2026-06-22

Assigner: IBM Corporation

Description
IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
Meta Information
Published: 2026-06-22
Last Modified: 2026-06-22
Generated: 2026-06-22
AI Q&A: 2026-06-22
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: ibm
Product: tririga_application_platform
Version / Range: From 5.0.2 (inclusive) to 5.0.3 (inclusive)
CWE
CWE ID: CWE-79
Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Executive Summary

CVE-2026-11372 is a Cross-Site Scripting (XSS) vulnerability affecting IBM TRIRIGA Application Platform versions 5.0.2 through 5.0.3.

This flaw allows an authenticated user to inject arbitrary malicious JavaScript code into the Web User Interface (UI).

By embedding this code, the attacker can alter the intended functionality of the application.

This can potentially lead to the disclosure of user credentials within a trusted session.

Compliance Impact

The vulnerability allows an authenticated user to inject malicious JavaScript code into the Web UI, potentially leading to credential disclosure within a trusted session.

Such credential disclosure could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive information and user credentials to maintain confidentiality and integrity.

However, the provided information does not explicitly discuss the direct impact on compliance with these standards.

Impact Analysis

The vulnerability can impact you by allowing an authenticated attacker to execute malicious JavaScript code within your session.

This can alter the normal behavior of the application and potentially expose sensitive information such as user credentials.

Because the attack occurs within a trusted session, it can bypass some security controls and lead to unauthorized access or data leakage.

Mitigation Strategies

To mitigate the vulnerability in IBM TRIRIGA Application Platform versions 5.0.2 to 5.0.3, users should upgrade to version 5.0.4 or later, where the issue has been addressed.

No workarounds are available, so applying the latest maintenance and updates is the recommended immediate step to protect against this cross-site scripting vulnerability.
