Vulnerability Details CVE-2025-36396
IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.8%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2025-36396
-
cpe:2.3:a:ibm:application_gateway:24.03
-
cpe:2.3:a:ibm:application_gateway:24.09