CNNVD-202510-922 Information
CNNVD ID
CNNVD-202510-922
Related CVE
- CNNVD Published: 2025-10-07
Description (Chinese)
IBM Engineering Requirements Management DOORS Next是美国国际商业机器(IBM)公司的一个可扩展的解决方案。该解决方案可帮助您捕获、跟踪、分析和管理系统与高级 IT 应用开发。 IBM Engineering Requirements Management DOORS Next 7.0.2版本至7.0.2 iFix034版本、7.0.3版本至7.0.3 iFix016版本和7.1.0版本至7.1.0 iFix004版本存在跨站脚本漏洞,该漏洞源于允许经过身份验证的用户在Web UI中嵌入任意JavaScript代码,可能导致凭据泄露。
Description (English)
IBM Engineering Reforms Management DOORS Next is a scalable solution for IBM. This solution helps you to capture, track, analyse and manage and develop advanced IT applications. The cross-site script loophole between IBM Engineering Reviews Management DOORS Next 7.0.2 to 7.2.2 iFix034, 7.0.3 to 7.0.3 iFix016 and 7.1.0 to 7.1.iFix004 is the result of allowing any JavaScript code to be embedded in Web UI by an identified user, which could lead to a leak.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
国际商业机器
Published
2025-10-07
Last Modified
2026-02-24
References
https://www.ibm.com/support/pages/node/7247292 https://access.redhat.com/security/cve/cve-2025-1826
Patch
https://www.ibm.com/support/pages/node/7247292
Share on: