Cross-Site Scripting Vulnerability in IBM ApplinX 11.1
CVE-2025-36409

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Applinx
Vendor: CVE Published:; 20 January 2026

What is CVE-2025-36409?

IBM ApplinX 11.1 contains a vulnerability that enables authenticated users to execute arbitrary JavaScript code within the Web UI. This flaw could compromise the intended functionality of the application, leading to the potential exposure of sensitive information, including user credentials, during trusted sessions.

Affected Version(s)

ApplinX 11.1

References

https://www.ibm.com/support/pages/node/7257446

vendor-advisorypatch

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 20, 2026
Vulnerability Reserved
Apr 15, 2025

JSON