CVE-2018-1676
Description
IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145118.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Planning Analytics 2.0.0-2.0.4 is vulnerable to cross-site scripting (XSS) in the Web UI, allowing arbitrary JavaScript execution and potential credential theft.
Vulnerability
IBM Planning Analytics versions 2.0.0 through 2.0.4 [1] contain a cross-site scripting (XSS) vulnerability in the Web UI. The vulnerability allows users to embed arbitrary JavaScript code into web pages, which is then executed in the context of other users' sessions.
Exploitation
An attacker can craft a malicious URL or input that contains JavaScript code. When a victim with a trusted session accesses the crafted content, the attacker's script executes within the victim's browser. The attacker does not require authentication but must trick a legitimate user into clicking the malicious link or viewing the crafted content [1].
Impact
Successful exploitation leads to execution of arbitrary JavaScript in the victim's browser within the context of the Planning Analytics Web UI. This can result in disclosure of sensitive session information, including credentials, and potential further compromise of the victim's account [1].
Mitigation
IBM has fixed this vulnerability in Planning Analytics version 2.0.5 [1]. Users should upgrade to 2.0.5 or later. No workarounds are documented. The vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=2.0.4
- Range: 2.0.1
Patches
No patches discovered yet.
References
- www.ibm.com/support/docview.wss (mitre, x_refsource_CONFIRM)
- exchange.xforce.ibmcloud.com/vulnerabilities/145118 (mitre, vdb-entry, x_refsource_XF)