Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2023-98176
HistoryOct 11, 2023 - 12:00 a.m.

IBM Content Navigator Cross-Site Scripting Vulnerability (CNVD-2023-98176)

2023-10-1100:00:00
China National Vulnerability Database
www.cnvd.org.cn
4
ibm
content navigator
cross-site scripting
vulnerability
web client
international business machines
searching
processing documents
content servers
web browser
filtering
escaping
user-supplied data
attacker
arbitrary web script
html
crafted payload

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

12.9%

JSON

IBM Content Navigator is a Web client from International Business Machines (IBM). The product supports searching and processing documents stored in content servers from a Web browser. IBM Content Navigator suffers from a cross-site scripting vulnerability that stems from the application’s lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted payload.

Related

nvd 1
prion 1
ibm 3
cve 1
cvelist 1
nvd
nvd
CVE-2023-40684
2023-10-04 14:15:10
prion
prion
Cross site scripting
2023-10-04 14:15:00
ibm
ibm
Security Bulletin: IBM Content Navigator is vulnerable to a Code Inject Exploit due to Daeja ViewOne Virtual (CVE-2023-40684)
2024-01-11 00:47:46
Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow - CVE-2023-40684
2024-02-02 11:16:14
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for October 2023
2023-11-24 15:07:23
cve
cve
CVE-2023-40684
2023-10-04 14:15:10
cvelist
cvelist
CVE-2023-40684 IBM Content Navigator cross-site scripting
2023-10-04 13:38:40

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

12.9%

JSON
Related for CNVD-2023-98176
nvd1prion1ibm3cve1cvelist1