Cross-Site Scripting Vulnerability in IBM FileNet Content Manager
CVE-2014-4763

Currently unrated

Key Information:

Vendor: IBM
Status: Filenet Content Foundation; Filenet Content Manager
Vendor: CVE Published:; 15 September 2014

Summary

A cross-site scripting (XSS) vulnerability exists in the Content Navigator component of IBM FileNet Content Manager. This flaw enables remote authenticated users to craft URLs that inject arbitrary web scripts or HTML into the application. When exploited, this could lead to unauthorized access, session hijacking, and other security risks for users interacting with affected instances of FileNet Content Manager and Content Foundation.

References

http://www.securityfocus.com/bid/69798

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/94660

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21679930

x_refsource_CONFIRM

Timeline

Vulnerability published
Sep 15, 2014
Vulnerability Reserved
Jul 9, 2014