CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2017-1146
https://notcve.org/view.php?id=CVE-2017-1146
IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999736. IBM Content Navigator 2.0.3 y 3.0.0 son vulnerables a secuencias de comandos en sitios cruzados. Esta vulnerabilidad permita a usuarios incrustar código JavaScript arbitrario en la Web UI alterando así la funcionalidad potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21999736 http://www.securityfocus.com/bid/96761 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1888
https://notcve.org/view.php?id=CVE-2015-1888
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in Content Manager, FileNet Content Manager, Content Foundation, Content Manager OnDemand, and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Content Navigator 2.0.2 en versiones anteriores a 2.0.2-ICN-FP007 y 2.0.3 en versiones anteriores a 2.0.3-ICN-FP003, como se utiliza en Content Manager, FileNet Content Manager, Content Foundation, Content Manager OnDemand y otros productos, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21700205 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8911
https://notcve.org/view.php?id=CVE-2014-8911
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header. Vulnerabilidad de XSS en IBM Content Navigator 2.0.0 y 2.0.1 anterior a 2.0.1.2 FP002 IF003 y 2.0.3 anterior a 2.0.3.2 FP002 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cabecera de HTTP Accept-Language. • http://www-01.ibm.com/support/docview.wss?uid=swg21693329 https://exchange.xforce.ibmcloud.com/vulnerabilities/99252 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-0874
https://notcve.org/view.php?id=CVE-2014-0874
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter. Vulnerabilidad de XSS en IBM Content Navigator 2.x anterior a 2.0.2.2-ICN-FP002 permite a usuarios remotos autenticados inyectar script web o HTML arbitrarios a través de un parámetro no especificado. • http://www-01.ibm.com/support/docview.wss?uid=swg21665362 http://www-01.ibm.com/support/docview.wss?uid=swg21668907 http://www.securityfocus.com/bid/65852 http://www.securitytracker.com/id/1030011 https://exchange.xforce.ibmcloud.com/vulnerabilities/91002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-0858
https://notcve.org/view.php?id=CVE-2014-0858
IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL. IBM Content Navigator 2.x anterior a 2.0.2.2-ICN-FP002 permite a usuarios remotos autenticados evadir restricciones de acceso y realizar ataques de acción de eliminación a través de una URL modificada. • http://www-01.ibm.com/support/docview.wss?uid=swg21665358 https://exchange.xforce.ibmcloud.com/vulnerabilities/90864 • CWE-264: Permissions, Privileges, and Access Controls •