Lucene search
K

210 matches found

RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.7 views

CVE-2025-36396

IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.1AI score0.00147EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 4:16 p.m.5 views

CVE-2025-36397

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS5.8AI score0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 4:16 p.m.9 views

CVE-2025-36397

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS0.00162EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 4:16 p.m.2 views

CVE-2025-36396

IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.4AI score
Exploits0References1
NVD
NVD
added 2026/01/20 4:16 p.m.8 views

CVE-2025-36396

IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS0.00147EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 3:23 p.m.3 views

CVE-2025-36397

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS5.4AI score0.00162EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/20 3:23 p.m.5 views

CVE-2025-36397 Security vulnerabilities have been found in IBM Application Gateway

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS5.5AI score0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/20 3:23 p.m.17 views

CVE-2025-36397 Security vulnerabilities have been found in IBM Application Gateway

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/20 3:22 p.m.16 views

CVE-2025-36396 Security vulnerabilities have been found in IBM Application Gateway

IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS0.00147EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/20 3:22 p.m.5 views

CVE-2025-36396 Security vulnerabilities have been found in IBM Application Gateway

IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.1AI score0.00147EPSS
Exploits0References1
CVE
CVE
added 2026/01/20 3:22 p.m.16 views

CVE-2025-36396

IBM Application Gateway 23.10–25.09 is affected by a cross-site scripting vulnerability in the Web UI that an authenticated user can abuse to inject JavaScript, potentially exposing credentials in a trusted session. The CVE (CVE-2025-36396) is documented across NVD and vendor advisories, with a C...

5.4CVSS5.1AI score0.00147EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/20 3:22 p.m.2 views

CVE-2025-36396

IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS4.9AI score0.00147EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.7 views

PT-2026-3622

IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.1AI score0.00147EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.7 views

PT-2026-3623

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS5.5AI score0.00162EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.10 views

IBM Application Gateway cross-site scripting vulnerability

IBM Application Gateway is an application gateway offered by the American multinational company International Business Machines IBM. It provides a containerized secure web reverse proxy that is designed to be placed before your applications, seamlessly adding authentication and authorization...

5.4CVSS5.8AI score0.00147EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.7 views

IBM Application Gateway security vulnerabilities

IBM Application Gateway is an application gateway offered by the American multinational company International Business Machines IBM. It provides a containerized secure web reverse proxy that is designed to be placed before your applications, seamlessly adding authentication and authorization...

5.4CVSS5.9AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/16 9:33 p.m.16 views

CVE-2026-21905

A Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the SIP application layer gateway ALG of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow...

8.7CVSS7AI score0.00367EPSS
Exploits0References1
NVD
NVD
added 2026/01/15 9:16 p.m.13 views

CVE-2026-21905

A Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the SIP application layer gateway ALG of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow...

8.7CVSS0.00367EPSS
Exploits0References2
CVE
CVE
added 2026/01/15 8:19 p.m.33 views

CVE-2026-21905

CVE-2026-21905 affects Juniper Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC. The vulnerability is a loop with an unreachable exit condition in the SIP application layer gateway (ALG) that can be triggered by processing multiple SIP messages over TCP. This causes the flow management...

8.7CVSS6.6AI score0.00367EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/15 8:19 p.m.2 views

CVE-2026-21905

A Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the SIP application layer gateway ALG of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow...

8.7CVSS5.5AI score0.00367EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder