CVE-2025-1826

IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034,7.0.3 to 7.0.3 iFix016, and7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
ibmCNA
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
VendorProductVersion
ibmjazz_foundation
7.0.2
ibmjazz_foundation
7.0.2:ifix001
ibmjazz_foundation
7.0.2:ifix002
ibmjazz_foundation
7.0.2:ifix003
ibmjazz_foundation
7.0.2:ifix004
ibmjazz_foundation
7.0.2:ifix005
ibmjazz_foundation
7.0.2:ifix006
ibmjazz_foundation
7.0.2:ifix007
ibmjazz_foundation
7.0.2:ifix008a
ibmjazz_foundation
7.0.2:ifix009
ibmjazz_foundation
7.0.2:ifix010
ibmjazz_foundation
7.0.2:ifix011
ibmjazz_foundation
7.0.2:ifix012
ibmjazz_foundation
7.0.2:ifix013
ibmjazz_foundation
7.0.2:ifix014
ibmjazz_foundation
7.0.2:ifix016
ibmjazz_foundation
7.0.2:ifix017
ibmjazz_foundation
7.0.2:ifix018
ibmjazz_foundation
7.0.2:ifix020a
ibmjazz_foundation
7.0.2:ifix021
ibmjazz_foundation
7.0.2:ifix022
ibmjazz_foundation
7.0.2:ifix023
ibmjazz_foundation
7.0.2:ifix024
ibmjazz_foundation
7.0.2:ifix025
ibmjazz_foundation
7.0.2:ifix026a
ibmjazz_foundation
7.0.2:ifix027
ibmjazz_foundation
7.0.2:ifix028
ibmjazz_foundation
7.0.2:ifix029
ibmjazz_foundation
7.0.2:ifix030
ibmjazz_foundation
7.0.2:ifix031
ibmjazz_foundation
7.0.2:ifix032
ibmjazz_foundation
7.0.2:ifix033
ibmjazz_foundation
7.0.2:ifix034
ibmjazz_foundation
7.0.3
ibmjazz_foundation
7.0.3:ifix001
ibmjazz_foundation
7.0.3:ifix002
ibmjazz_foundation
7.0.3:ifix003
ibmjazz_foundation
7.0.3:ifix004
ibmjazz_foundation
7.0.3:ifix005
ibmjazz_foundation
7.0.3:ifix006
ibmjazz_foundation
7.0.3:ifix007
ibmjazz_foundation
7.0.3:ifix008
ibmjazz_foundation
7.0.3:ifix009
ibmjazz_foundation
7.0.3:ifix010
ibmjazz_foundation
7.0.3:ifix011
ibmjazz_foundation
7.0.3:ifix012
ibmjazz_foundation
7.0.3:ifix013
ibmjazz_foundation
7.0.3:ifix014
ibmjazz_foundation
7.0.3:ifix015
ibmjazz_foundation
7.0.3:ifix016
ibmjazz_foundation
7.1.0
ibmjazz_foundation
7.1.0:ifix001
ibmjazz_foundation
7.1.0:ifix002
ibmjazz_foundation
7.1.0:ifix003
ibmjazz_foundation
7.1.0:ifix004
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7247292