Alvi Skita

**Name of the Vulnerable Software and Affected Versions** IBM watsonx.ai versions 1.1 through 2.0.3 IBM watsonx.ai on Cloud Pak for Data versions 4.8 through 5.0.3 **Description** This issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. The vulnerability is related to cross-site scripting. **Recommendations** For IBM watsonx.ai versions 1.1 through 2.0.3, update to a version outside of this range to mitigate the risk. For IBM watsonx.ai on Cloud Pak for Data versions 4.8 through 5.0.3, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the Web UI to minimize the risk of exploitation.