Stored Cross-Site Scripting in IBM FileNet Content Manager and IBM Content Navigator
CVE-2020-4757
6.4MEDIUM
Summary
The stored cross-site scripting vulnerability in IBM FileNet Content Manager and IBM Content Navigator allows attackers to inject arbitrary JavaScript code into the web interface. This exploitation enables unauthorized actions, such as altering the intended functionality of the applications and potentially disclosing sensitive user credentials during trusted sessions. This risk underscores the importance of securing web applications to prevent malicious scripts from running in user browsers.
Affected Version(s)
Content Navigator 3.0.CD
References
CVSS V3.1
Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved