CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4092
https://notcve.org/view.php?id=CVE-2019-4092
IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 157654. IBM Content Navigator versión 2.0.3 y versión 3.0 CD podría permitir a un atacante remoto realizar ataques de phishing, utilizando un ataque de redireccionamiento abierto. • http://www.ibm.com/support/docview.wss?uid=ibm10874754 https://exchange.xforce.ibmcloud.com/vulnerabilities/157654 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8911
https://notcve.org/view.php?id=CVE-2014-8911
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header. Vulnerabilidad de XSS en IBM Content Navigator 2.0.0 y 2.0.1 anterior a 2.0.1.2 FP002 IF003 y 2.0.3 anterior a 2.0.3.2 FP002 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cabecera de HTTP Accept-Language. • http://www-01.ibm.com/support/docview.wss?uid=swg21693329 https://exchange.xforce.ibmcloud.com/vulnerabilities/99252 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-0874
https://notcve.org/view.php?id=CVE-2014-0874
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter. Vulnerabilidad de XSS en IBM Content Navigator 2.x anterior a 2.0.2.2-ICN-FP002 permite a usuarios remotos autenticados inyectar script web o HTML arbitrarios a través de un parámetro no especificado. • http://www-01.ibm.com/support/docview.wss?uid=swg21665362 http://www-01.ibm.com/support/docview.wss?uid=swg21668907 http://www.securityfocus.com/bid/65852 http://www.securitytracker.com/id/1030011 https://exchange.xforce.ibmcloud.com/vulnerabilities/91002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-0858
https://notcve.org/view.php?id=CVE-2014-0858
IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL. IBM Content Navigator 2.x anterior a 2.0.2.2-ICN-FP002 permite a usuarios remotos autenticados evadir restricciones de acceso y realizar ataques de acción de eliminación a través de una URL modificada. • http://www-01.ibm.com/support/docview.wss?uid=swg21665358 https://exchange.xforce.ibmcloud.com/vulnerabilities/90864 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2013-5462
https://notcve.org/view.php?id=CVE-2013-5462
IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements. IBM/ECMClient/configure/explodedformat/navigator/header.jsp en IBM Content Navigator 2.0.0, 2.0.1 anteriores a 2.0.1.2-ICN-FP002, y 2.0.2 anteriores a 2.0.2.1-ICN-FP001 permite a atacantes remotos conducir ataques clickjacking a través de vectores que involucran elementos FRAME. • http://www-01.ibm.com/support/docview.wss?uid=swg21660223 http://www.securitytracker.com/id/1037704 https://exchange.xforce.ibmcloud.com/vulnerabilities/88358 • CWE-20: Improper Input Validation •