PT-2026-32648 · Ivanti · Ivanti Itsm
Published
2026-04-14
·
Updated
2026-04-19
·
CVE-2026-4914
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Ivanti N-ITSM versions prior to 2025.4
Description
Stored Cross-Site Scripting (XSS) allows a remote authenticated attacker to obtain limited information from other user sessions. This issue requires user interaction to be exploited.
Recommendations
Update to version 2025.4 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ivanti Itsm