GCVE-VVD-NCSC-2025-347

Advisory PublishedCVSS 6.4/10

Vulnetix · Advisory published November 3, 2025

IBM QRadar SIEM 7.5.0 Update Pack 13 Independent Fix 02 contains a stored cross-site scripting vulnerability that allows authenticated users to inject JavaScript into the Web UI, risking credential compromise.

Download JSON Open in Console

Weaknesses (CWE)

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-266Incorrect Privilege Assignment

Risk Scores

CVSS 3.1

6.4/10

Medium · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions	Platforms
IBM	vers:unknown/*	—	—

Aliases

CVE-2025-36170 CVE-2025-36138 CVE-2025-36007

Transitive aliases

EUVD-2025-36330 BDU:2025-16369 BDU:2025-16370 VVD-CISA-2025-36170 NCSC-2025-0347 VVD-CISA-2025-36138 GHSA-mg5v-h49p-v962 EUVD-2025-36326 CNVD-2025-27446 GHSA-qm4w-8f5q-j6mh GHSA-7c63-x96c-8hpq BDU:2025-16371 EUVD-2025-36327 VVD-CISA-2025-36007 CNVD-2025-27447

References

advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON