Cross-Site Scripting Vulnerability in IBM Content Navigator
CVE-2018-1496
5.4MEDIUM
Summary
IBM Content Navigator versions 2.0.3 and 3.0.0 to 3.0.3 are susceptible to cross-site scripting attacks. This vulnerability enables malicious users to inject arbitrary JavaScript code within the web interface, potentially compromising user sessions and allowing unauthorized access to sensitive information. Implications of this security flaw could include credential disclosure and alteration of application behavior. Users are advised to implement security measures and stay updated with vendor patches to mitigate risks.
Affected Version(s)
Content Navigator 2.0.3
Content Navigator 3.0.0
Content Navigator 3.0.1
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved