CVE-2022-38390 MEDIUM

CVE-2022-38390

Vendor Ibm
Product Business Automation Workflow
Weakness CWE-79 · XSS
Published November 17, 2022
Last update April 29, 2025
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978.

Key dates

02Disclosure timeline

November 17, 2022 CVE published
April 29, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-2503 Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Post Grid CVE-2022-41643 WordPress Accessibility plugin <= 1.0.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability CVE-2023-2614 Cross-site Scripting (XSS) - DOM in pimcore/pimcore CVE-2023-2219 SourceCodester Task Reminder System Users.php cross site scripting CVE-2026-39696 WordPress Elfsight WhatsApp Chat CC plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability