CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-35896 – IBM Content Navigator server-side request forgery
https://notcve.org/view.php?id=CVE-2023-35896
03 Nov 2023 — IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247. IBM Content Navigator 3.0.13 es vulnerable a server-side request forgery (SSRF). Esto puede permitir que un atacante autenticado envíe solicitudes no autorizadas desde el sistema, lo que podría provocar la enumeración de la red o facilitar otro... • https://exchange.xforce.ibmcloud.com/vulnerabilities/259247 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40684 – IBM Content Navigator cross-site scripting
https://notcve.org/view.php?id=CVE-2023-40684
04 Oct 2023 — IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 264019. IBM Content Navigator 3.0.11, 3.0.13 y 3.0.14 con IBM Daeja ViewOne Virtual es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código J... • https://exchange.xforce.ibmcloud.com/vulnerabilities/264019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •