Cross-Site Scripting Vulnerability in IBM Datacap Fastdoc Capture
CVE-2020-4935

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Datacap Navigator
Vendor: CVE Published:; 1 July 2021

What is CVE-2020-4935?

IBM Datacap Fastdoc Capture, particularly version 9.1.7, has a vulnerability that allows attackers to exploit cross-site scripting issues via the web interface. This flaw can enable the insertion of arbitrary JavaScript code by users, potentially compromising the security of user credentials during active sessions. The vulnerability poses significant risks as it can lead to unintended alterations in functionality and expose sensitive information within trusted environments.

Affected Version(s)

Datacap Navigator 9.1.7

References

https://www.ibm.com/support/pages/node/6468407

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/191753

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 1, 2021
Vulnerability Reserved
Dec 30, 2019