CVE-2025-36397

Name of the Vulnerable Software and Affected Versions IBM Application Gateway versions 23.10 through 25.09

Description A remote attacker could inject malicious HTML code. When viewed, this code would be executed in the victim’s Web browser within the security context of the hosting site. The issue is an HTML injection.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.