CNNVD-202509-4400 Information

CNNVD ID

CNNVD-202509-4400

CVE-2025-36352

  • CNNVD Published: 2025-09-29

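Description (translated from Chinese)

IBM License Metric Tool is a free tool from the US company International Business Machines (IBM) that helps IBM Passport Advantage (software upgrade and support services) customers determine their Processor Value Unit (PVU) licensing requirements. IBM License Metric Tool 9.2.40 and earlier contain a cross-site scripting vulnerability that stems from allowing an authenticated user to embed arbitrary JavaScript code in the Web UI, which can lead to stored cross-site scripting attacks and credential disclosure.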

Description (English)

IBM License Metric Tool is a free tool from International Business Machines (IBM), a United States company, that helps IBM Passport Advantage (software upgrade and support services) clients determine their Processor Value Unit (PVU) license requirements. IBM License Metric Tool 9.2.40 and earlier versions have a cross-site scripting vulnerability, which stems from allowing an authenticated user to embed arbitrary JavaScript code in the Web UI and could lead to stored cross-site scripting attacks and credential leaks.

Hazard Level

High

Vulnerability Type

Cross-site scripting

Affected Vendor

International Business Machines

Published

2025-09-29

Last Modified

2026-02-24

References

https://www.ibm.com/support/pages/node/7246534

Patch

https://www.ibm.com/support/pages/node/7246534