CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4092
https://notcve.org/view.php?id=CVE-2019-4092
25 Apr 2019 — IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 157654. IBM Content Navigator versió... • http://www.ibm.com/support/docview.wss?uid=ibm10874754 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8911
https://notcve.org/view.php?id=CVE-2014-8911
14 Feb 2015 — Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header. Vulnerabilidad de XSS en IBM Content Navigator 2.0.0 y 2.0.1 anterior a 2.0.1.2 FP002 IF003 y 2.0.3 anterior a 2.0.3.2 FP002 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cabecera de HTTP Accept-Language. • http://www-01.ibm.com/support/docview.wss?uid=swg21693329 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2014-0874
https://notcve.org/view.php?id=CVE-2014-0874
28 Feb 2014 — Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter. Vulnerabilidad de XSS en IBM Content Navigator 2.x anterior a 2.0.2.2-ICN-FP002 permite a usuarios remotos autenticados inyectar script web o HTML arbitrarios a través de un parámetro no especificado. • http://www-01.ibm.com/support/docview.wss?uid=swg21665362 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-0858
https://notcve.org/view.php?id=CVE-2014-0858
27 Feb 2014 — IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL. IBM Content Navigator 2.x anterior a 2.0.2.2-ICN-FP002 permite a usuarios remotos autenticados evadir restricciones de acceso y realizar ataques de acción de eliminación a través de una URL modificada. • http://www-01.ibm.com/support/docview.wss?uid=swg21665358 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2013-5462
https://notcve.org/view.php?id=CVE-2013-5462
19 Dec 2013 — IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements. IBM/ECMClient/configure/explodedformat/navigator/header.jsp en IBM Content Navigator 2.0.0, 2.0.1 anteriores a 2.0.1.2-ICN-FP002, y 2.0.2 anteriores a 2.0.2.1-ICN-FP001 permite a atacantes remotos conducir ataques clickjacking a través de vectores que involuc... • http://www-01.ibm.com/support/docview.wss?uid=swg21660223 • CWE-20: Improper Input Validation •