CVE-2025-36126EPSS p8.1%

CVE-2025-36126CVE-2025-36126

ibm / cognos_analytics

Description

IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Scoring

CVSS 6.4 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
EPSS0.18% probability of exploitation · percentile 8.1% · 2026-06-19T12:03:05Z
Last modified2026-06-01

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-3633
CVE
CVE-2025-2697
CVE
CVE-2025-36148
CVE
CVE-2025-36106
CVE
CVE-2025-0602
CVE
CVE-2025-66444
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.