CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4571
https://notcve.org/view.php?id=CVE-2019-4571
IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166721. Content Navigator versión 3.0CD de IBM es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad prevista que puede conducir a la divulgación de credenciales dentro de una sesión de confianza. • https://exchange.xforce.ibmcloud.com/vulnerabilities/166721 https://www.ibm.com/support/pages/node/1073576 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4263
https://notcve.org/view.php?id=CVE-2019-4263
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015. Content Navigator versión 3.0CD de IBM, es vulnerable a la inclusión de archivos locales, permitiendo a un atacante acceder a un archivo de configuración en el servidor ICN. ID de IBM X-Force: 160015. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160015 https://www.ibm.com/support/docview.wss?uid=ibm10882412 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4092
https://notcve.org/view.php?id=CVE-2019-4092
IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 157654. IBM Content Navigator versión 2.0.3 y versión 3.0 CD podría permitir a un atacante remoto realizar ataques de phishing, utilizando un ataque de redireccionamiento abierto. • http://www.ibm.com/support/docview.wss?uid=ibm10874754 https://exchange.xforce.ibmcloud.com/vulnerabilities/157654 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4033
https://notcve.org/view.php?id=CVE-2019-4033
IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155999. IBM Content Navigator versión 2.0.3 y versión 3.0CD es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios introducir un código JavaScript arbitrario en la interfaz del usuario web, por lo tanto, modificar la funcionalidad deseada que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/155999 https://www.ibm.com/support/docview.wss?uid=ibm10869046 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4035
https://notcve.org/view.php?id=CVE-2019-4035
IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001. IBM Content Navigator 3.0CD podría permitir que los atacantes dirijan el tráfico web a un sitio malicioso. • http://www.ibm.com/support/docview.wss?uid=ibm10869060 http://www.securityfocus.com/bid/107557 https://exchange.xforce.ibmcloud.com/vulnerabilities/156001 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •