Cross-Site Scripting Vulnerability in IBM Content Navigator
CVE-2019-4033

5.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
25 April 2019

Summary

IBM Content Navigator versions 2.0.3 and 3.0CD are susceptible to a cross-site scripting (XSS) vulnerability that enables an attacker to inject arbitrary JavaScript code into the Web UI. This can compromise the security of users by allowing potential disclosure of sensitive credentials during a trusted session. Attackers could exploit this flaw to manipulate user actions or redirect users to malicious pages, impacting the safety and integrity of the web application.

Affected Version(s)

Content Navigator 2.0.3

Content Navigator 3.0CD

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.