CVE-2026-11372
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
IBM TRIRIGA Application Platform versions 5.0.2 through 5.0.3 are vulnerable to cross-site scripting (XSS). An authenticated user can embed arbitrary JavaScript code in the Web UI, potentially leading to credential disclosure within a trusted session.
Risk Assessment
The risk involves potential theft of login credentials or session hijacking of an administrator, which could result in unauthorized access to sensitive data and systems.
Recommendation
It is recommended to immediately upgrade IBM TRIRIGA Application Platform to the latest available version that includes a fix for the XSS vulnerability.
Original NVD description (English source)
IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

