CVE-2024-28784

MEDIUM

IBM QRadar SIEM 7.5 - Stored Cross-Site Scripting


Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-28784. PoCs published by CainSoulless.

AI-analyzed exploit summary: This repository contains a detailed writeup for CVE-2024-28784, a stored XSS vulnerability in IBM QRadar SIEM's Rule Wizard component. The vulnerability allows attackers to inject malicious JavaScript via the regular expression field, which executes when other users interact with the rule.

Description

IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893.

Exploits (1)

nomisec WRITEUP
by CainSoulless · poc
https://github.com/CainSoulless/CVE-2024-28784

Classification: Writeup 100%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: IBM Security QRadar SIEM 7.5.0 UpdatePackage 7 (Build 20230822112654)
Auth required
Prerequisites: Authenticated access to QRadar SIEM · Permissions to create/edit rules
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 5.4
EPSS 0.0034
EPSS Percentile 25.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-79
Status published
Products (1)
ibm/qradar_security_information_and_event_manager 7.5.0 (8 CPE variants)
Published Mar 27, 2024
Tracked Since Feb 18, 2026