Vulnerability Details CVE-2024-49337
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages
is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field of an object to inject malicious script into an email which would be executed in a victim's mail client within the security context of the OpenPages mail message. An attacker could use this for phishing or identity theft attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.5%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2024-49337
-
cpe:2.3:a:ibm:openpages_with_watson:*
-
cpe:2.3:a:ibm:openpages_with_watson:9.0
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-