Cross-Site Scripting Vulnerability in IBM Content Navigator
CVE-2019-4033

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Content Navigator
Vendor: CVE Published:; 25 April 2019

Summary

IBM Content Navigator versions 2.0.3 and 3.0CD are susceptible to a cross-site scripting (XSS) vulnerability that enables an attacker to inject arbitrary JavaScript code into the Web UI. This can compromise the security of users by allowing potential disclosure of sensitive credentials during a trusted session. Attackers could exploit this flaw to manipulate user actions or redirect users to malicious pages, impacting the safety and integrity of the web application.

Affected Version(s)

Content Navigator 2.0.3

Content Navigator 3.0CD

References

https://www.ibm.com/support/docview.wss?uid=ibm10869046

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/155999

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 25, 2019
Vulnerability Reserved
Jan 3, 2019