CVE Catalog

CVE-2026-11372

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

IBM TRIRIGA Application Platform versions 5.0.2 through 5.0.3 are vulnerable to cross-site scripting (XSS). An authenticated user can embed arbitrary JavaScript code in the Web UI, potentially leading to credential disclosure within a trusted session.

Risk Assessment

The risk involves potential theft of login credentials or session hijacking of an administrator, which could result in unauthorized access to sensitive data and systems.

Recommendation

It is recommended to immediately upgrade IBM TRIRIGA Application Platform to the latest available version that includes a fix for the XSS vulnerability.

Original NVD description (English source)

IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS