IBM Cloud Pak for Applications is an application from IBM of America, Inc. providing cloud-native development solutions that deliver rapid value. IBM Cloud Pak for Applications has a cross-site scripting vulnerability that stems from the application’s IBM Cloud Pak being vulnerable to cross-site scripting attacks. An attacker could exploit the vulnerability to allow a user to embed arbitrary JavaScript code in the Web UI to change the intended functionality, which could result in exposing credentials in a trusted session.