CVE-2025-36056

MEDIUM

IBM System Storage Virtualization Engine TS7700 - Authenticated Stored Cross-Site Scripting

Title source: llm
STIX 2.1

Description

IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7238555

Scores

CVSS v3 5.4
EPSS 0.0011
EPSS Percentile 28.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (3)
ibm/3948-ved_firmware < 8.54.2.17
ibm/3948-vef_firmware < 8.60.0.115
ibm/3957-ved_firmware < 8.54.2.17
Published Jul 01, 2025
Tracked Since Feb 18, 2026