Cross-Site Scripting Vulnerability in IBM Content Navigator
CVE-2019-4033
5.4MEDIUM
Summary
IBM Content Navigator versions 2.0.3 and 3.0CD are susceptible to a cross-site scripting (XSS) vulnerability that enables an attacker to inject arbitrary JavaScript code into the Web UI. This can compromise the security of users by allowing potential disclosure of sensitive credentials during a trusted session. Attackers could exploit this flaw to manipulate user actions or redirect users to malicious pages, impacting the safety and integrity of the web application.
Affected Version(s)
Content Navigator 2.0.3
Content Navigator 3.0CD
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved