VDB
CVE-2024-28776
CVE-2024-28776
PUBLISHED
CVSS 5.400000095367432 MEDIUM
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
EPSS 0.13% · 31.6th percentile
Risk Scores
CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.13%
31.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ibm | cognos_controller | 11.0.0 |
| ibm | controller | 11.1.0 |
| IBM | Controller | 11.1.0 |
| IBM | Cognos Controller | 11.0.0 |
Exploit Intelligence
- CIRCL seen: CVE-2024-28776 (circl-sighting)
- CIRCL seen: CVE-2024-28776 (circl-sighting)
- https://www.ibm.com/support/pages/node/7183597 (circl)
Timeline
- Feb 19, 2025 CVE Published
- Feb 19, 2025 PoC Published
- Feb 20, 2025 EPSS Score
- Feb 26, 2025 Coalition ESS Score
- Mar 6, 2025 EPSS Score
- Mar 21, 2025 EPSS Score
- Mar 26, 2025 Coalition ESS Score
- Mar 29, 2025 Coalition ESS Score
- Apr 4, 2025 EPSS Score
- Apr 18, 2025 EPSS Score
- May 2, 2025 EPSS Score
- May 17, 2025 EPSS Score