PT-2025-41143 · Ibm · Ibm Engineering Requirements Management Doors Next
Published
2025-10-07
·
Updated
2025-10-07
·
CVE-2025-1826
CVSS v2.0
5.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Engineering Requirements Management DOORS Next versions 7.0.2 through 7.0.2 iFix034
IBM Engineering Requirements Management DOORS Next versions 7.0.3 through 7.0.3 iFix016
IBM Engineering Requirements Management DOORS Next versions 7.1.0 through 7.1.0 iFix004
Description
The software is susceptible to stored cross-site scripting. An authenticated user on the host network can embed arbitrary JavaScript code into the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session.
Recommendations
Update IBM Engineering Requirements Management DOORS Next to a version after 7.0.2 iFix034.
Update IBM Engineering Requirements Management DOORS Next to a version after 7.0.3 iFix016.
Update IBM Engineering Requirements Management DOORS Next to a version after 7.1.0 iFix004.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Engineering Requirements Management Doors Next