243 matches found
EUVD-2026-18112
IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2026-1243 IBM Content Navigator is affected by , a Cross-Site Scripting (XSS) vulnerability
IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2026-1243 IBM Content Navigator is affected by , a Cross-Site Scripting (XSS) vulnerability
IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
PT-2026-29656
IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
Security Bulletin: IBM Content Navigator is affected by CVE-2026-1243, a Cross-Site Scripting (XSS) vulnerability
Summary IBM Content Navigator is affected by CVE-2026-1243, a Cross-Site Scripting XSS vulnerability that allows an authenticated user to embed arbitrary JavaScript into the Web UI. This could alter intended application behaviour and potentially lead to credentials disclosure within a trusted...
Security Bulletin: IBM Content Navigator is affected by Log4J
Summary IBM Content Navigator is affected by multiple vulnerabilities in Apache Log4j 1.x, a logging library that reached end of life in August 2015. These include multiple Deserialization of Untrusted Data flaws CVE-2019-17571, CVE-2021-4104, CVE-2022-23302, CVE-2022-23307, CVE-2023-26464 in...
Security Bulletin: IBM Content Navigator is affected by JDOM
Summary IBM Content Navigator is affected by CVE-2021-33813, an XML External Entity XXE injection vulnerability CWE-611 in the SAXBuilder component of the JDOM library through version 2.0.6. A remote attacker could exploit this via a crafted HTTP request to cause a denial of service condition. Th...
Security Bulletin: IBM Content Navigator is affect my Apache Xalan
Summary IBM Content Navigator is affected by CVE-2022-34169, a remote code execution vulnerability CWE-681 in the Apache Xalan Java XSLT library. An integer truncation flaw in the processing of XSLT stylesheets allows a remote attacker to supply a specially crafted stylesheet and execute arbitrar...
Security Bulletin: IBM Content Navigator is affected by Apache Xerces2
Summary IBM Content Navigator is affected by multiple vulnerabilities in the Apache Xerces2 Java XML parser library. CVE-2009-2625 and CVE-2022-23437 describe infinite loop conditions triggered by malformed XML input, leading to application hang or denial of service. CVE-2012-0881 allows CPU...
CVE-2023-40684
IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
Security Bulletin: IBM Content Navigator consumes vulnerable spring framework library
Summary Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions. A vulnerability where the fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive, but String.toLowerCase has Locale-dependent exceptions that could potentially result in...
Security Bulletin: IBM Content Navigator consumes vulnerable spring framework library
Summary Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions. The vulnerability involves another data bypass issue relaed to data binding field protection Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowerca...
Security Bulletin: Local File Inclusion (LFI) vulnerability in IBM Content Navigator
Summary A Local File Inclusion LFI vulnerability has been identified in IBM Content Navigator ICN, where an authenticated attacker can exploit an HTTPS request URL in a way that it will return content of any file from the server where ICN is running. Vulnerability Details CVEID:CVE-2025-27906...
CVE-2025-27906
IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified...
CVE-2025-27906
Summary: CVE-2025-27906 affects IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0, exposing a directory listing via an application URL. The IBM bulletin confirms an LFI-style exposure where an authenticated attacker can view file and folder names in the server’s browser, but cannot read or m...
CVE-2025-27906 IBM Content Navigator information disclosure
IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified...
CVE-2025-27906 IBM Content Navigator information disclosure
IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified...
EUVD-2014-0904
Malware in sbrugna...
EUVD-2015-1993
Malware in sbrugna...
EUVD-2020-25934
Malware in sbrugna...