CVE-2025-36396

Name of the Vulnerable Software and Affected Versions IBM Application Gateway versions 23.10 through 25.09

Description The software is susceptible to cross-site scripting. An authenticated user can embed arbitrary JavaScript code in the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session.

Recommendations Update to a version later than 25.09.