CVE-2026-4914 | THREATINT

Description

Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required.

PUBLISHED Reserved 2026-03-26 | Published 2026-04-14 | Updated 2026-04-14 | Assigner ivanti

MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')

Product status

Default status

affected

2025.4

unaffected

Default status

affected

2025.4

unaffected

References

hub.ivanti.com/...CVE-2026-4913-CVE-2026-4914?language=en_US

cve.org (CVE-2026-4914)

nvd.nist.gov (CVE-2026-4914)

Download JSON

help @ threatint.eu