CVE-2017-1751
Description
IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135546.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in IBM Robotic Process Automation with Automation Anywhere 10.0.0 allows arbitrary JavaScript execution, leading to credential disclosure.
Vulnerability
IBM Robotic Process Automation with Automation Anywhere version 10.0.0.0 is vulnerable to stored cross-site scripting (XSS). This vulnerability allows an attacker to embed arbitrary JavaScript code in the Web UI, which is executed in the context of a user's session when the malicious content is viewed. [1]
Exploitation
To exploit this vulnerability, an attacker must have the ability to inject script code into the Web UI, likely through input fields or other user-controllable content. The attack requires user interaction, as the victim must visit a page containing the injected script. The attack is network-based and requires no authentication. [1]
Impact
Successful exploitation could allow the attacker to alter the intended functionality of the Web UI and potentially obtain sensitive credentials from within a trusted user session. The CVSS vector indicates low impact on confidentiality and integrity. [1]
Mitigation
As of the available references, IBM has not released a fix for this vulnerability. No workarounds or mitigations are documented. Users should monitor IBM's security bulletins for updates. [1]
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: = 10.0.0
- Range: 10.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.ibm.com/support/docview.wssnvdIssue TrackingVendor Advisory
- www.securityfocus.com/bid/102217nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/135546nvdIssue TrackingVDB EntryVendor Advisory
News mentions
0No linked articles in our index yet.