Cross-Site Scripting Vulnerability in IBM Content Navigator
CVE-2018-1496

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Content Navigator
Vendor
CVE Published:
31 May 2018

Summary

IBM Content Navigator versions 2.0.3 and 3.0.0 to 3.0.3 are susceptible to cross-site scripting attacks. This vulnerability enables malicious users to inject arbitrary JavaScript code within the web interface, potentially compromising user sessions and allowing unauthorized access to sensitive information. Implications of this security flaw could include credential disclosure and alteration of application behavior. Users are advised to implement security measures and stay updated with vendor patches to mitigate risks.

Affected Version(s)

Content Navigator 2.0.3

Content Navigator 3.0.0

Content Navigator 3.0.1

References

http://www.securityfocus.com/bid/104374
vdb-entryx_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg22015420
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/141219
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.