Content Navigator@2.0.3 Security Vulnerabilities and Issues — Content Navigator@2.0.3 CVE List

Lucene search

IbmContent Navigator2.0.3

9 matches found

CVE•added 2019/04/25 3:29 p.m.•46 views

CVE-2019-4092

IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicio...

6.8CVSS5.8AI score0.00246EPSS

CVE•added 2017/03/20 4:59 p.m.•40 views

CVE-2017-1146

IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999736.

5.4CVSS5.2AI score0.00227EPSS

CVE•added 2017/10/05 5:29 p.m.•36 views

CVE-2017-1522

IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force I...

5.4CVSS5.2AI score0.00198EPSS

CVE•added 2018/05/31 9:29 p.m.•35 views

CVE-2018-1496

IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-...

5.4CVSS5.2AI score0.00216EPSS

CVE•added 2015/10/03 10:59 p.m.•33 views

CVE-2015-1888

Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in Content Manager, FileNet Content Manager, Content Foundation, Content Manager OnDemand, and other products, allows remote authenticated users to inject arbitra...

3.5CVSS5.2AI score0.00166EPSS

CVE•added 2015/02/14 2:59 a.m.•32 views

CVE-2014-8911

Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header.

4.3CVSS5.7AI score0.00236EPSS

CVE•added 2017/09/07 4:29 p.m.•32 views

CVE-2017-1502

5.4CVSS5.2AI score0.00227EPSS

CVE•added 2018/01/29 4:29 p.m.•31 views

CVE-2018-1364

IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 137449.

8.2CVSS7.9AI score0.00556EPSS

CVE•added 2019/04/25 3:29 p.m.•27 views

CVE-2019-4033

IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155999.

5.4CVSS5.2AI score0.00158EPSS