CVE-2025-23227

CWE-79 — Cross-site Scripting (XSS)CWE-306 — Missing Authentication4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 74.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Application Dependency Discovery Manager

Timeline

PublishedJan 23

Description

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:NExploitability: 3.1 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5ibm/tivoli_application_dependency_discovery_manager7.3.0.0 — 7.3.0.11

▶NVDibm/tivoli_application_dependency_discovery_manager7.3.0.0 — 7.3.0.11

🔴Vulnerability Details

GHSA

GHSA-j53j-hp5h-xgg8: IBM Tivoli Application Dependency Discovery Manager 7↗2025-01-23

▶

CVEList

IBM Tivoli Application Dependency Discovery Manager cross-site scripting↗2025-01-23

▶

📋Vendor Advisories

CISA

NUUO NVRmini2 Devices Missing Authentication Vulnerability↗2024-12-18

▶