IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
PUBLISHED | 5.2 | Application | CWE-80
XSS in IBM Aspera Faspex
Problem type
Affected products
IBM
Aspera Faspex 5
<= 5.0.14.1 - AFFECTED
References
GitHub Security Advisories
GHSA-rh9m-3jjg-79rv
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker...
https://github.com/advisories/GHSA-rh9m-3jjg-79rv
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2025-36230
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-36230",
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"dateUpdated": "2025-12-26T15:14:53.108Z",
"dateReserved": "2025-04-15T21:16:42.824Z",
"datePublished": "2025-12-26T14:22:46.035Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm",
"dateUpdated": "2025-12-26T14:22:46.035Z"
},
"title": "XSS in IBM Aspera Faspex",
"descriptions": [
{
"lang": "en",
"value": "IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<p>IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.</p>"
}
]
}
],
"affected": [
{
"vendor": "IBM",
"product": "Aspera Faspex 5",
"cpes": [
"cpe:2.3:a:ibm:aspera_faspex_5:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_faspex_5:5.0.14.1:*:*:*:*:*:*:*"
],
"versions": [
{
"version": "5.0.0",
"status": "affected",
"versionType": "semver",
"lessThanOrEqual": "5.0.14.1"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"cweId": "CWE-80",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7255331",
"tags": [
"vendor-advisory",
"patch"
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
],
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
}
],
"solutions": [
{
"lang": "en",
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below. Product: IBM Aspera Faspex; Fixing VRM: 5.0.14.2; Platform: Linux; Link to Fix: click here",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<p>IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below. Product: IBM Aspera Faspex; Fixing VRM: 5.0.14.2; Platform: Linux; Link to Fix: click here</p>"
}
]
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-12-26T15:14:53.108Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}