Cross-Site Scripting Vulnerability in IBM Content Navigator
CVE-2019-4033

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Content Navigator
Vendor
CVE Published:
25 April 2019

Summary

IBM Content Navigator versions 2.0.3 and 3.0CD are susceptible to a cross-site scripting (XSS) vulnerability that enables an attacker to inject arbitrary JavaScript code into the Web UI. This can compromise the security of users by allowing potential disclosure of sensitive credentials during a trusted session. Attackers could exploit this flaw to manipulate user actions or redirect users to malicious pages, impacting the safety and integrity of the web application.

Affected Version(s)

Content Navigator 2.0.3

Content Navigator 3.0CD

References

https://www.ibm.com/support/docview.wss?uid=ibm10869046
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/155999
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.