Cross-Site Scripting Vulnerability in IBM Content Navigator
CVE-2018-1496

5.4MEDIUM

Key Information:

Vendor

IBM
Status
Content Navigator
Vendor
CVE Published:
31 May 2018

What is CVE-2018-1496?

IBM Content Navigator versions 2.0.3 and 3.0.0 to 3.0.3 are susceptible to cross-site scripting attacks. This vulnerability enables malicious users to inject arbitrary JavaScript code within the web interface, potentially compromising user sessions and allowing unauthorized access to sensitive information. Implications of this security flaw could include credential disclosure and alteration of application behavior. Users are advised to implement security measures and stay updated with vendor patches to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Content Navigator 2.0.3

Content Navigator 3.0.0

Content Navigator 3.0.1

References

http://www.securityfocus.com/bid/104374
vdb-entryx_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg22015420
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/141219
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.