Security Bulletin: IBM Content Navigator is vulnerable to a Code Inject Exploit due to Daeja ViewOne Virtual (CVE-2023-40684)

Summary Daeja ViewOne Virtual is used by IBM Content Navigator as part of the document viewer. CVE-2023-40684. Vulnerability Details CVEID:CVE-2023-40684 DESCRIPTION: IBM Content Navigator with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to emb...

CVE-2023-40684

IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

Cross site scripting

IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

CVE-2023-40684

CVE-2023-40684 affects IBM Content Navigator on 3.0.11/3.0.13/3.0.14 when used with IBM Daeja ViewOne Virtual. The issue is a cross-site scripting vulnerability that lets a user embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Docum...

Security Bulletin: Daeja ViewONE Virtual is affected by a Cross-Site Scripting vulnerability

Summary IBM Daeja ViewONE Virtual is vulnerable to Persistent Cross-site Scripting attack Vulnerability Details CVEID: CVE-2018-1399 DESCRIPTION: IBM Daeja ViewONE Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus...

Security Bulletin: ViewONE is vulnerable to XXE attack via HTTP payload (CVE-2019-4456)

Summary A specially crafted XML payload to the ViewONE service can result in a denial of service attack. Vulnerability Details CVEID: CVE-2019-4456 DESCRIPTION: IBM Daeja ViewONE Professional, Standard & Virtual is vulnerable to an XML External Entity Injection XXE attack when processing XML data...

IBM Daeja ViewONE Virtual Information Disclosure Vulnerability (NVD-C-2019-144873)

IBM Daeja ViewONE Virtual is an HTML5-based document and image viewer from IBM USA. The product is primarily used to view, annotate and print images and documents. An information disclosure vulnerability exists in IBM Daeja ViewONE Virtual versions 5.0 through 5.0.6, which can be exploited by an...

IBM Daeja ViewONE Virtual Code Issue Vulnerability

IBM Daeja ViewONE Virtual is an HTML5-based document and image viewer from IBM USA. The product is primarily used to view, annotate and print images and documents. A code issue vulnerability exists in IBM Daeja ViewONE Virtual. An attacker could exploit the vulnerability to disclose sensitive...

IBM Daeja ViewONE Virtual Information Disclosure Vulnerability

IBM Daeja ViewONE Virtual is an HTML5-based document and image viewer from IBM USA. The product is primarily used to view, annotate and print images and documents. An information disclosure vulnerability exists in IBM Daeja ViewONE Virtual versions 5.0 through 5.0.5, which can be exploited by an...

IBM Daeja ViewONE Virtual XXE Vulnerability

IBM Daeja ViewONE Virtual is a document viewer from IBM USA that supports viewing of TIFF, PDF and Office-based documents. A security vulnerability exists in IBM Daeja ViewONE Virtual. A remote attacker could exploit the vulnerability to disclose sensitive information or consume memory resources...

IBM Daeja ViewONE Virtual Cross-Site Scripting Vulnerability

IBM Daeja ViewONE Virtual is a document viewer from IBM USA that supports viewing of TIFF, PDF and Office-based documents. A cross-site scripting vulnerability exists in IBM Daeja ViewONE Virtual. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

IBM Daeja ViewONE Arbitrary File Download Vulnerability

IBM Daeja ViewONE Virtual, Daeja ViewONE Standard, and Daeja ViewONE Professional are all products of IBM Corporation of the U.S.A. IBM Daeja ViewONE Virtual is a document viewer that supports TIFF, PDF, and Office-based documents. IBM Daeja ViewONE Virtual is a document viewer that supports TIFF...