IBM Financial Transaction Manager: Malicious Code Injection via Web UI

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.1

IBM Financial Transaction Manager: Malicious Code Injection via Web UI

CVE-2025-33135

Summary

Attackers can inject malicious code into the system's web interface, potentially stealing sensitive information from a trusted session. This means that an attacker doesn't need to log in to access confidential data. Affected systems should be updated to the latest patch to prevent this risk.

Original title

Original description

IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 through 3.0.5.4 Interim Fix 027 IBM Financial Transaction Manager for Check Services v3 (Multiplatforms) is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

nvd CVSS3.1 6.1

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://www.ibm.com/support/pages/node/7260111

Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026