Cross-Site Scripting Vulnerability in IBM Financial Transaction Manager for ACH and Check Services
CVE-2025-33135

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Financial Transaction Manager For Ach Services And Check Services For Multi-platform
Vendor: CVE Published:; 17 February 2026

What is CVE-2025-33135?

This vulnerability in IBM Financial Transaction Manager for ACH Services and Check Services allows an unauthenticated attacker to inject arbitrary JavaScript into the web interface. As a result, this could lead to unauthorized manipulation of the application's functionality and potentially expose user credentials within authenticated sessions. This exploit underscores the importance of implementing robust input validation and output encoding to mitigate such security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 <= 3.0.5.4 Interim Fix 027

References

https://www.ibm.com/support/pages/node/7260111

vendor-advisorypatch

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 17, 2026
Vulnerability Reserved
Apr 15, 2025

JSON

IBM