Severity by source
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Network-accessible web UI requires low-privilege auth and victim interaction; high confidentiality impact reflects session theft risk with no integrity or availability consequence.
Primary rating from Vendor (ibm).
CVSS VectorVendor: ibm
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
AnalysisAI
HTML injection in IBM watsonx.data Intelligence versions 5.2.0 through 5.3.0 enables a remote authenticated attacker to plant malicious HTML content that executes in a victim's browser within the hosting site's security context. The CVSS vector (PR:L/UI:R/C:H) confirms exploitation requires low-privilege authentication and a second user to view the injected content, with the primary impact being confidentiality loss - such as session token theft or credential harvesting. No public exploit code has been identified and this vulnerability does not appear in the CISA KEV catalog; a vendor patch is available via IBM advisory 7277801.
Technical ContextAI
CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page) describes a failure to sanitize or encode user-supplied HTML before it is rendered in a browser. IBM watsonx.data Intelligence is an enterprise data lakehouse platform combining data management, governance, and analytics capabilities. The affected CPE cpe:2.3:a:ibm:watsonx.data_intelligence:*:*:*:*:*:*:*:* identifies the application-tier web interface as the attack surface. Unlike reflected XSS, HTML injection via CWE-80 typically involves stored or persistent payloads where attacker-controlled markup is saved and later rendered to other users - the unchanged scope (S:U in CVSS) confirms execution is bounded within the same web origin.
RemediationAI
Apply the vendor-released patch referenced in IBM Security Advisory 7277801 at https://www.ibm.com/support/pages/node/7277801. The patch is confirmed available from IBM, though the exact fixed version number is not specified in the available input data and should be confirmed directly from the advisory before deployment. As a compensating control prior to patching, restrict access to the watsonx.data Intelligence web interface to the minimum set of authenticated users, reducing the pool of potential injectors. Deploying Content Security Policy (CSP) headers at the reverse proxy or load balancer layer can limit browser execution of injected HTML but does not eliminate the underlying flaw and may affect application functionality. Monitor web application access logs for anomalous HTML or script-like patterns in user-submitted fields.
More in Watsonx Data Intelligence
View allClient-side enforcement of server-side security in IBM watsonx.data Intelligence versions 5.2.0 through 5.3.0 allows an
Stored cross-site scripting in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 allows authenticated low-privi
Cleartext data transmission in IBM watsonx.data intelligence versions 5.2.2 through 5.3.1 (including patch-1) exposes se
Cleartext transmission in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 exposes sensitive data to intercept
Cross-site scripting in IBM watsonx.data Intelligence 5.2.0 through 5.3.0 allows low-privileged authenticated users to i
Temporary denial of service in IBM watsonx.data intelligence 5.2.0 through 5.3.0 is achievable by authenticated users wh
IBM watsonx.data Intelligence versions 5.2.0 through 5.3.0 leak sensitive technical information to the browser via verbo
IBM watsonx.data Intelligence versions 5.2.0 through 5.3.0 exposes authenticated users to unauthorized action execution
Server-side request forgery in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 enables authenticated attacker
Same weakness CWE-80 – Basic XSS
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-210381
GHSA-g38c-h6hm-2rqj