Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Stored XSS requires a victim to load the affected page (UI:R); PR:L reflects mandatory prior authentication; scope changes to victim sessions.
Primary rating from Vendor (ibm).
CVSS VectorVendor: ibm
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
AnalysisAI
Stored cross-site scripting in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 allows authenticated low-privileged users to inject persistent JavaScript into the Web UI, which then executes within the browser sessions of other authenticated users visiting the affected page. The CVSS scope change (S:C) confirms the payload crosses the security boundary from the attacker's session into victims' sessions, enabling credential harvesting within trusted contexts. No public exploit code or CISA KEV listing has been identified at time of analysis, but the stored and persistent nature of the injection elevates operational impact beyond what the 6.4 base score alone conveys.
Technical ContextAI
IBM watsonx.data intelligence is an enterprise data lakehouse platform combining data management, governance, and AI workloads. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), meaning the application fails to adequately sanitize or encode user-supplied input before persisting and re-rendering it as HTML or JavaScript in the Web UI. The CPE string cpe:2.3:a:ibm:watsonx.data_intelligence:*:*:*:*:*:*:*:* covers all sub-versions within the 5.2.0-5.3.0 range. Stored XSS is architecturally more dangerous than reflected XSS because the malicious payload survives server-side and executes for every victim who loads the compromised page, without requiring the attacker to re-deliver or socially engineer each target individually.
RemediationAI
Apply the vendor-released patch per IBM's security advisory at https://www.ibm.com/support/pages/node/7277801; the exact fixed version number is not independently confirmed in the available data beyond 'patch available from vendor' - verify the target upgrade version directly from the advisory before deploying. As an interim compensating control prior to patching, restrict access to the watsonx.data intelligence Web UI to trusted internal network segments or require VPN, reducing the pool of potential attackers to those already holding network access. Additionally, deploying a strict Content Security Policy (CSP) header on the Web UI can limit JavaScript execution from injected payloads; note that CSP bypass techniques exist and this measure reduces but does not eliminate risk, and must not substitute for patching.
More in Watsonx Data Intelligence
View allClient-side enforcement of server-side security in IBM watsonx.data Intelligence versions 5.2.0 through 5.3.0 allows an
Cleartext data transmission in IBM watsonx.data intelligence versions 5.2.2 through 5.3.1 (including patch-1) exposes se
Cleartext transmission in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 exposes sensitive data to intercept
HTML injection in IBM watsonx.data Intelligence versions 5.2.0 through 5.3.0 enables a remote authenticated attacker to
Cross-site scripting in IBM watsonx.data Intelligence 5.2.0 through 5.3.0 allows low-privileged authenticated users to i
Temporary denial of service in IBM watsonx.data intelligence 5.2.0 through 5.3.0 is achievable by authenticated users wh
IBM watsonx.data Intelligence versions 5.2.0 through 5.3.0 leak sensitive technical information to the browser via verbo
IBM watsonx.data Intelligence versions 5.2.0 through 5.3.0 exposes authenticated users to unauthorized action execution
Server-side request forgery in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 enables authenticated attacker
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-210382
GHSA-4w8v-rh82-h7w8