CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51475 – IBM Content Navigator HTML injection
https://notcve.org/view.php?id=CVE-2024-51475
16 May 2025 — IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. • https://www.ibm.com/support/pages/node/7233695 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56341 – IBM Content Navigator cross-site scripting
https://notcve.org/view.php?id=CVE-2024-56341
02 Apr 2025 — IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7229839 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-35896 – IBM Content Navigator server-side request forgery
https://notcve.org/view.php?id=CVE-2023-35896
03 Nov 2023 — IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247. IBM Content Navigator 3.0.13 es vulnerable a server-side request forgery (SSRF). Esto puede permitir que un atacante autenticado envíe solicitudes no autorizadas desde el sistema, lo que podría provocar la enumeración de la red o facilitar otro... • https://exchange.xforce.ibmcloud.com/vulnerabilities/259247 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40684 – IBM Content Navigator cross-site scripting
https://notcve.org/view.php?id=CVE-2023-40684
04 Oct 2023 — IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 264019. IBM Content Navigator 3.0.11, 3.0.13 y 3.0.14 con IBM Daeja ViewOne Virtual es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código J... • https://exchange.xforce.ibmcloud.com/vulnerabilities/264019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43581 – IBM Content Navigator code execution
https://notcve.org/view.php?id=CVE-2022-43581
07 Dec 2022 — IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805. IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11 y 3.0.12 es vulnerable a la falta de autorización y podría permitir que un usuario autenticado cargue complementos externos y ejecute código. ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/238805 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29714
https://notcve.org/view.php?id=CVE-2021-29714
09 Aug 2021 — IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. IBM X-Force ID: 200968. IBM Content Navigator versión 3.0.CD, podría permitir a un usuario malicioso causar una denegación de servicio debido a una comprobación de entrada inapropiada. IBM X-Force ID: 200968 • https://exchange.xforce.ibmcloud.com/vulnerabilities/200968 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20550
https://notcve.org/view.php?id=CVE-2021-20550
27 Apr 2021 — IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199168. IBM Content Navigator versión 3.0.CD, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la fu... • https://exchange.xforce.ibmcloud.com/vulnerabilities/199168 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20549
https://notcve.org/view.php?id=CVE-2021-20549
27 Apr 2021 — IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199167. IBM Content Navigator versión 3.0.CD, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la fu... • https://exchange.xforce.ibmcloud.com/vulnerabilities/199167 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20448
https://notcve.org/view.php?id=CVE-2021-20448
27 Apr 2021 — IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196624. IBM Content Navigator versión 3.0.CD, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la fu... • https://exchange.xforce.ibmcloud.com/vulnerabilities/196624 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4934
https://notcve.org/view.php?id=CVE-2020-4934
02 Feb 2021 — IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 191752. IBM Content Navigator versión 3.0.CD, podría permitir a un atacante remoto saltar directorios en el sistema. Un atacante podría enviar una petición URL especialmente diseñada que contenga secuencias "dot dot" (/../) para visualizar archivos arbitrarios ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/191752 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •