IBM Robotic Process Automation is a robotic process automation product from International Business Machines (IBM), Inc. A cross-site scripting vulnerability exists in IBM Robotic Process Automation for Cloud Pak, which stems from the fact that it allows users to embed arbitrary JavaScript code in the Web UI to change the intended functionality, potentially leading to a trusted The vulnerability is caused by allowing users to embed arbitrary JavaScript code in the Web UI to change the expected functionality, which could lead to the disclosure of credentials in a trusted session, which could be exploited by an attacker to cause a cross-site scripting attack.