Using XSS attack, an attacker may inject Javascript code by modifying input fields in Datacap Navigator.
CVEID:CVE-2020-4935
**DESCRIPTION:**IBM Datacap Fastdoc Capture is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191753 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
Datacap Navigator | 9.1.7 |
** Product**
|
** VRMF**
|
** Remediation/First Fix**
—|—|—
Datacap Navigator
|
9.1.8
|
Upgrade to 9.1.8 iFix 001, available from Fix Central
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm datacap | eq | any |