CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4092
https://notcve.org/view.php?id=CVE-2019-4092
25 Apr 2019 — IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 157654. IBM Content Navigator versió... • http://www.ibm.com/support/docview.wss?uid=ibm10874754 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1366
https://notcve.org/view.php?id=CVE-2018-1366
07 Feb 2018 — IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452. IBM Content Navigator 2.0 y 3.0 es vulnerable a una inyección CSV (Comma Separated Value). Un atacante podría explotar esta vulnerabilidad para explotar otras vulnerabilidades en software de hojas de cálculo. • http://www.ibm.com/support/docview.wss?uid=swg22012674 •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1888
https://notcve.org/view.php?id=CVE-2015-1888
03 Oct 2015 — Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in Content Manager, FileNet Content Manager, Content Foundation, Content Manager OnDemand, and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Content Navigator 2.0.2 en versiones anteriores a 2.0.2-ICN-FP007 y 2.0.3 en versiones anteriores a 2.0.3-ICN-FP003, como se utiliza en Content... • http://www-01.ibm.com/support/docview.wss?uid=swg21700205 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8911
https://notcve.org/view.php?id=CVE-2014-8911
14 Feb 2015 — Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header. Vulnerabilidad de XSS en IBM Content Navigator 2.0.0 y 2.0.1 anterior a 2.0.1.2 FP002 IF003 y 2.0.3 anterior a 2.0.3.2 FP002 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cabecera de HTTP Accept-Language. • http://www-01.ibm.com/support/docview.wss?uid=swg21693329 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •