CVE-2024-39728

Name of the Vulnerable Software and Affected Versions: IBM Datacap Navigator versions 9.1.5 through 9.1.9

Description: The issue exists due to insufficient protection of the web page structure, allowing for stored cross-site scripting attacks. This enables users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session.

Recommendations: For versions 9.1.5 through 9.1.9, consider disabling the Web UI functionality until a patch is available to prevent exploitation of the stored cross-site scripting vulnerability. Restrict access to the Web UI to minimize the risk of credentials disclosure within a trusted session.