CVE-2024-28772 MEDIUM

CVE-2024-28772: IBM Security Directory Integrator cross-site scripting

Vendor Ibm
Product Security Directory Integrator
Weakness CWE-79 · XSS
Published July 25, 2024
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

6.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645.

Key dates

02Disclosure timeline

July 25, 2024 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-11382 Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-51922 WordPress VP Sitemap plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability CVE-2022-42360 AEM Reflected XSS Arbitrary code execution CVE-2025-50183 OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer CVE-2026-24620 WordPress Landing Page Builder plugin <= 1.5.3.4 - Cross Site Scripting (XSS) vulnerability