Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.4
IBM Aspera Faspex 5: Malicious Code Can Be Injected in Web Interface
CVE-2025-36226
Summary
IBM Aspera Faspex 5, a file transfer software, has a security weakness that lets a logged-in user sneak malicious code into the web interface. This could potentially allow an attacker to steal sensitive information from a trusted session. Update to a fixed version to protect your system.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ibm | aspera_faspex | > 5.0.0 , <= 5.0.15 | – |
Original title
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the ...
Original description
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
nvd CVSS3.1
5.4
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026