IBM Content Navigator is potentially vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
CVEID: CVE-2015-1888
IBM Content Navigator is vulnerable to cross-site scripting. The vulnerability is caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101262 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
IBM Content Navigator 2.0.3
IBM Content Navigator is a component that is available to customers in these products (and the products that contain them):
Version 2.0.2 Apply fix pack 2.0.2-ICN-FP007, or higher
Version 2.0.3 Apply fix pack 2.0.3-ICN-FP003, or higher
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm content navigator | eq | 2.0.3 | |
ibm content navigator | eq | 2.0.2 |