CVE-2025-66486

Published: Apr 02, 2026 Last Modified: Apr 02, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 4,8

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: high

User Interaction: required

Scope: changed

Confidentiality: low

Integrity: low

Availability: none

Description

AI Translation Available

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Incomplete

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability

Potential Impacts:

Read Application Data Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: Web Based, Web Server

Likelihood of Exploit: High

View CWE Details

https://www.ibm.com/support/pages/node/7267848

CVE-2025-66486

Description

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Common Consequences

Applicable Platforms

Iscriviti alla newsletter