CVE-2025-36397

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVE-2025-36397

Summary: CVE-2025-36397 affects IBM Application Gateway 23.10–25.09 and is a vulnerability to HTML injection (basic XSS) that could execute code in a victim’s browser within the hosting site’s security context. What’s affected: IBM Application Gateway 23.10–25.09 (also echoed across Red Hat and C...