Cross-Site Scripting Vulnerability in IBM Content Navigator
CVE-2019-4033

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Content Navigator
Vendor: CVE Published:; 25 April 2019

What is CVE-2019-4033?

IBM Content Navigator versions 2.0.3 and 3.0CD are susceptible to a cross-site scripting (XSS) vulnerability that enables an attacker to inject arbitrary JavaScript code into the Web UI. This can compromise the security of users by allowing potential disclosure of sensitive credentials during a trusted session. Attackers could exploit this flaw to manipulate user actions or redirect users to malicious pages, impacting the safety and integrity of the web application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Content Navigator 2.0.3

Content Navigator 3.0CD

References

https://www.ibm.com/support/docview.wss?uid=ibm10869046

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/155999

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 25, 2019
Vulnerability Reserved
Jan 3, 2019

JSON

IBM