CVE-2026-8059
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk7th percentile — higher than 7% of all known CVEs
Summary
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 are vulnerable to cross-site scripting (XSS). An unauthenticated attacker can embed arbitrary JavaScript code in the Web UI, altering intended functionality and potentially leading to credential disclosure within a trusted session.
Risk Assessment
The risk for the organization includes potential theft of user credentials and session hijacking, which may lead to unauthorized access to sensitive data and systems.
Recommendation
It is recommended to immediately apply security patches provided by IBM for affected versions and implement input filtering and output encoding mechanisms in web applications.
Original NVD description (English source)
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

