CVE-2025-12635
published 2025-12-08CVE-2025-12635: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | >= 17.0.0.3 < 26.0.0.1 | 26.0.0.1 |
| ibm | websphere_application_server | >= 8.5 < 8.5.5.29 | 8.5.5.29 |
| ibm | websphere_application_server | >= 9.0 < 9.0.5.27 | 9.0.5.27 |
| ibm | websphere_application_server | 9.0 – 2.0.18 | — |
| ibm | websphere_application_server_liberty | 17.0.0.3 – 25.0.0.12 | — |