{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-11372", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2026-06-05T12:09:50.632Z", "datePublished": "2026-06-22T14:09:34.887Z", "dateUpdated": "2026-06-22T15:57:43.139Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-06-22T14:09:34.887Z"}, "title": "IBM TRIRIGA Cross-Site Scripting Vulnerability", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "TRIRIGA Application Platform", "versions": [{"status": "affected", "version": "5.0.2", "lessThanOrEqual": "5.0.3", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:tririga_application_platform:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:tririga_application_platform:5.0.3:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7276076", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}}], "solutions": [{"lang": "en", "value": "An holistic approach has been implemented to address XSS vulnerabilities across the application as part of IBM TRIRIGA Application Platform 5.0.4 GA. This vulnerability is also part of it.\n\n\n\nCustomers using affected versions of IBM TRIRIGA should upgrade to IBM TRIRIGA Application Platform 5.0.4 GA or a later supported release containing the fix. IBM recommends applying the latest available maintenance to ensure protection against this vulnerability.\n\n\n\n\n\n\n\nReference : https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product[\u2026]GA+Application+Platform&release=5.0.4&platform=All&function=all https://www.ibm.com/support/fixcentral/swg/selectFixes", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>An holistic approach has been implemented to address XSS vulnerabilities across the application as part of IBM TRIRIGA Application Platform 5.0.4 GA. This vulnerability is also part of it.</p><p>Customers using affected versions of IBM TRIRIGA should upgrade to IBM TRIRIGA Application Platform 5.0.4 GA or a later supported release containing the fix. IBM recommends applying the latest available maintenance to ensure protection against this vulnerability.</p><p></p><p>Reference : <a href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&amp;product=ibm/Tivoli/IBM+TRIRIGA+Application+Platform&amp;release=5.0.4&amp;platform=All&amp;function=all\" rel=\"noopener noreferrer nofollow\">https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&amp;product[\u2026]GA+Application+Platform&amp;release=5.0.4&amp;platform=All&amp;function=all</a></p>"}]}], "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-22T15:57:33.585843Z", "id": "CVE-2026-11372", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-22T15:57:43.139Z"}}]}}

{}

{}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[5.0.2,5.0.3]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "inferred", "scores": [{"score": 100.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "TRIRIGA Application Platform", "source": "cna", "vendor": "IBM"}, "product": "tririga_application_platform", "vendor": "ibm"}], "created": "2026-06-22T16:45:16.263308+00:00", "updated": "2026-06-22T17:45:05.267202+00:00", "vendors": ["ibm", "ibm$PRODUCT$tririga_application_platform"]}