Medium severity6.4NVD Advisory· Published May 26, 2026· Updated Jun 1, 2026
CVE-2025-36126
CVE-2025-36126
Description
IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: >= 11.2.4, <= 12.1.0
- Range: >= 11.2.0, <= 12.1.0
Patches
Vulnerability mechanics
References
1- www.ibm.com/support/pages/node/7272628nvdVendor Advisory
News mentions
0No linked articles in our index yet.