CVE-2020-4792
Description
IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189441.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Edge 4.2 is vulnerable to stored cross-site scripting, allowing authenticated users to inject arbitrary JavaScript into the Web UI, potentially leading to credential disclosure.
Vulnerability
IBM Edge version 4.2 is vulnerable to cross-site scripting (XSS) in the Web UI. The vulnerability allows users to embed arbitrary JavaScript code, altering intended functionality. The affected product is IBM Edge 4.2 [1].
Exploitation
An attacker with low-privileged access (authenticated user) can inject malicious scripts into the Web UI. The attack requires user interaction (the victim must view the crafted page). The CVSS vector indicates network access, low complexity, and required user interaction [1].
Impact
Successful exploitation could lead to credentials disclosure within a trusted session. The attacker can execute arbitrary JavaScript in the context of the victim's session, potentially stealing session cookies or performing actions on behalf of the victim. The CVSS score is 5.4 (medium) with impacts to confidentiality and integrity [1].
Mitigation
IBM has released a fix in the form of updated Docker images that are automatically pulled from Docker Hub and the IBM Entitled Registry. Users should ensure they are running the latest images. No workarounds are available [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- IBM/Edge, v5, Range: 4.2
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/189441 (mitre, vdb-entry, x_refsource_XF)
- www.ibm.com/support/pages/node/6439819 (mitre, x_refsource_CONFIRM)