Cross-Site Scripting Vulnerability in IBM Storage TS4500 Library
CVE-2025-36239

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Storage Ts4500 Library
Vendor: CVE Published:; 27 September 2025

What is CVE-2025-36239?

The IBM Storage TS4500 Library is affected by a cross-site scripting vulnerability that permits unauthenticated attackers to inject and execute arbitrary JavaScript code via the Web UI. This manipulation could compromise the integrity of user sessions, potentially leading to unauthorized access to sensitive information or service functionality.

Affected Version(s)

Storage TS4500 Library 1.11.0.0

Storage TS4500 Library 2.11.0.0

References

https://www.ibm.com/support/pages/node/7246246

vendor-advisorypatch

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2025
Vulnerability Reserved
Apr 15, 2025

JSON