CVE-2024-43184

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Published: Sep 4, 2025
Updated: Nov 16, 2025
CVE: CVE-2024-43184
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
ibm / jazz_foundation	7.0.2	7.0.2.x
ibm / jazz_foundation	7.0.2-ifix001	7.0.2-ifix001.x
ibm / jazz_foundation	7.0.2-ifix002	7.0.2-ifix002.x
ibm / jazz_foundation	7.0.2-ifix003	7.0.2-ifix003.x
ibm / jazz_foundation	7.0.2-ifix004	7.0.2-ifix004.x
ibm / jazz_foundation	7.0.2-ifix005	7.0.2-ifix005.x
ibm / jazz_foundation	7.0.2-ifix006	7.0.2-ifix006.x
ibm / jazz_foundation	7.0.2-ifix007	7.0.2-ifix007.x
ibm / jazz_foundation	7.0.2-ifix008a	7.0.2-ifix008a.x
ibm / jazz_foundation	7.0.2-ifix009	7.0.2-ifix009.x
ibm / jazz_foundation	7.0.2-ifix010	7.0.2-ifix010.x
ibm / jazz_foundation	7.0.2-ifix011	7.0.2-ifix011.x
ibm / jazz_foundation	7.0.2-ifix012	7.0.2-ifix012.x
ibm / jazz_foundation	7.0.2-ifix013	7.0.2-ifix013.x
ibm / jazz_foundation	7.0.2-ifix014	7.0.2-ifix014.x
ibm / jazz_foundation	7.0.2-ifix016	7.0.2-ifix016.x
ibm / jazz_foundation	7.0.2-ifix017	7.0.2-ifix017.x
ibm / jazz_foundation	7.0.2-ifix018	7.0.2-ifix018.x
ibm / jazz_foundation	7.0.2-ifix020a	7.0.2-ifix020a.x
ibm / jazz_foundation	7.0.2-ifix021	7.0.2-ifix021.x
ibm / jazz_foundation	7.0.2-ifix022	7.0.2-ifix022.x
ibm / jazz_foundation	7.0.2-ifix023	7.0.2-ifix023.x
ibm / jazz_foundation	7.0.2-ifix024	7.0.2-ifix024.x
ibm / jazz_foundation	7.0.2-ifix025	7.0.2-ifix025.x
ibm / jazz_foundation	7.0.2-ifix026a	7.0.2-ifix026a.x
ibm / jazz_foundation	7.0.2-ifix027	7.0.2-ifix027.x
ibm / jazz_foundation	7.0.2-ifix028	7.0.2-ifix028.x
ibm / jazz_foundation	7.0.2-ifix029	7.0.2-ifix029.x
ibm / jazz_foundation	7.0.2-ifix030	7.0.2-ifix030.x
ibm / jazz_foundation	7.0.2-ifix031	7.0.2-ifix031.x
ibm / jazz_foundation	7.0.2-ifix032	7.0.2-ifix032.x
ibm / jazz_foundation	7.0.2-ifix033	7.0.2-ifix033.x
ibm / jazz_foundation	7.0.3	7.0.3.x
ibm / jazz_foundation	7.0.3-ifix001	7.0.3-ifix001.x
ibm / jazz_foundation	7.0.3-ifix002	7.0.3-ifix002.x
ibm / jazz_foundation	7.0.3-ifix003	7.0.3-ifix003.x
ibm / jazz_foundation	7.0.3-ifix004	7.0.3-ifix004.x
ibm / jazz_foundation	7.0.3-ifix005	7.0.3-ifix005.x
ibm / jazz_foundation	7.0.3-ifix006	7.0.3-ifix006.x
ibm / jazz_foundation	7.0.3-ifix007	7.0.3-ifix007.x
ibm / jazz_foundation	7.0.3-ifix008	7.0.3-ifix008.x
ibm / jazz_foundation	7.0.3-ifix009	7.0.3-ifix009.x
ibm / jazz_foundation	7.0.3-ifix010	7.0.3-ifix010.x
ibm / jazz_foundation	7.0.3-ifix011	7.0.3-ifix011.x
ibm / jazz_foundation	7.0.3-ifix012	7.0.3-ifix012.x
ibm / jazz_foundation	7.1.0	7.1.0.x
ibm / jazz_foundation	7.1.0-ifix001	7.1.0-ifix001.x
ibm / jazz_foundation	7.1.0-ifix002	7.1.0-ifix002.x

https://www.ibm.com/support/pages/node/7244013

Vulnerability Database

319,703

CVE-2024-43184

Deep Security Visibility Without the Complexity