CVE-2019-4033
https://notcve.org/view.php?id=CVE-2019-4033
IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155999. IBM Content Navigator versión 2.0.3 y versión 3.0CD es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios introducir un código JavaScript arbitrario en la interfaz del usuario web, por lo tanto, modificar la funcionalidad deseada que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/155999 https://www.ibm.com/support/docview.wss?uid=ibm10869046 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-4035
https://notcve.org/view.php?id=CVE-2019-4035
IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001. IBM Content Navigator 3.0CD podría permitir que los atacantes dirijan el tráfico web a un sitio malicioso. • http://www.ibm.com/support/docview.wss?uid=ibm10869060 http://www.securityfocus.com/bid/107557 https://exchange.xforce.ibmcloud.com/vulnerabilities/156001 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2019-4034
https://notcve.org/view.php?id=CVE-2019-4034
IBM Content Navigator 3.0CD is could allow an attacker to execute arbitrary code on a user's workstation. When editing an executable file in ICN with Edit service, it will be executed on the user's workstation. IBM X-Force ID: 156000. IBM Content Navigator 3.0CD podría permitir que un atacante ejecute código arbitrario en el puesto de trabajo de un usuario. Al editar un archivo ejecutable en ICN con el servicio "Edit", se ejecutará en el puesto de trabajo del usuario. • http://www.securityfocus.com/bid/107426 https://exchange.xforce.ibmcloud.com/vulnerabilities/156000 https://www.ibm.com/support/docview.wss?uid=ibm10869066 •
CVE-2018-1496
https://notcve.org/view.php?id=CVE-2018-1496
IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141219. IBM Content Navigator, en sus versiones 2.0.3, 3.0.0, 3.0.1, 3.0.2 y 3.0.3 , es vulnerable a ataques de tipo Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22015420 http://www.securityfocus.com/bid/104374 https://exchange.xforce.ibmcloud.com/vulnerabilities/141219 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-1366
https://notcve.org/view.php?id=CVE-2018-1366
IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452. IBM Content Navigator 2.0 y 3.0 es vulnerable a una inyección CSV (Comma Separated Value). Un atacante podría explotar esta vulnerabilidad para explotar otras vulnerabilidades en software de hojas de cálculo. • http://www.ibm.com/support/docview.wss?uid=swg22012674 https://exchange.xforce.ibmcloud.com/vulnerabilities/137452 •