IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
PUBLISHED5.2ApplicationCWE-79
IBM TRIRIGA Cross-Site Scripting Vulnerability
Problem type
Affected products
IBM
TRIRIGA Application Platform
<= 5.0.3 - AFFECTED
References
GitHub Security Advisories
GHSA-h4m9-g3gq-cc2g
IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This...
https://github.com/advisories/GHSA-h4m9-g3gq-cc2gIBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-11372Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-11372",
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"dateUpdated": "2026-06-22T15:57:43.139Z",
"dateReserved": "2026-06-05T12:09:50.632Z",
"datePublished": "2026-06-22T14:09:34.887Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm",
"dateUpdated": "2026-06-22T14:09:34.887Z"
},
"title": "IBM TRIRIGA Cross-Site Scripting Vulnerability",
"descriptions": [
{
"lang": "en",
"value": "IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<p>IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.</p>"
}
]
}
],
"affected": [
{
"vendor": "IBM",
"product": "TRIRIGA Application Platform",
"cpes": [
"cpe:2.3:a:ibm:tririga_application_platform:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:tririga_application_platform:5.0.3:*:*:*:*:*:*:*"
],
"versions": [
{
"version": "5.0.2",
"status": "affected",
"versionType": "semver",
"lessThanOrEqual": "5.0.3"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7276076",
"tags": [
"vendor-advisory",
"patch"
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
],
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
}
],
"solutions": [
{
"lang": "en",
"value": "An holistic approach has been implemented to address XSS vulnerabilities across the application as part of IBM TRIRIGA Application Platform 5.0.4 GA. This vulnerability is also part of it.\n\n\n\nCustomers using affected versions of IBM TRIRIGA should upgrade to IBM TRIRIGA Application Platform 5.0.4 GA or a later supported release containing the fix. IBM recommends applying the latest available maintenance to ensure protection against this vulnerability.\n\n\n\n\n\n\n\nReference : https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product[…]GA+Application+Platform&release=5.0.4&platform=All&function=all https://www.ibm.com/support/fixcentral/swg/selectFixes",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<p>An holistic approach has been implemented to address XSS vulnerabilities across the application as part of IBM TRIRIGA Application Platform 5.0.4 GA. This vulnerability is also part of it.</p><p>Customers using affected versions of IBM TRIRIGA should upgrade to IBM TRIRIGA Application Platform 5.0.4 GA or a later supported release containing the fix. IBM recommends applying the latest available maintenance to ensure protection against this vulnerability.</p><p></p><p>Reference : <a href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+TRIRIGA+Application+Platform&release=5.0.4&platform=All&function=all\" rel=\"noopener noreferrer nofollow\">https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product[…]GA+Application+Platform&release=5.0.4&platform=All&function=all</a></p>"
}
]
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2026-06-22T15:57:43.139Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}