Skip to main content

Content Navigator CVE-2015-1888

LOW
Cross-site Scripting (XSS) (CWE-79)
2015-10-03 psirt@us.ibm.com
3.5
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
3.5 LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:S/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 03, 2015 - 22:59 cve.org
LOW 3.5

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in Content Manager, FileNet Content Manager, Content Foundation, Content Manager OnDemand, and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

AnalysisAI

Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in Content Manager, FileNet Content Manager, Content. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in Content Manager, FileNet Content Manager, Content Foundation, Content Manager OnDemand, and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Affected products include: Ibm Content Navigator. Version information: before 2.0.2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2020-4757 MEDIUM POC
6.4 Dec 21

IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. Rated medium

CVE-2022-43581 HIGH
8.8 Dec 07

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 i

CVE-2020-4253 HIGH
8.8 Mar 24

IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to imperson

CVE-2019-4034 HIGH
8.8 Mar 14

IBM Content Navigator 3.0CD is could allow an attacker to execute arbitrary code on a user's workstation. Rated high sev

CVE-2018-1364 HIGH
8.2 Jan 29

IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data

CVE-2018-1366 HIGH
7.8 Feb 07

IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. Rated high severity (CVSS 7.8)

CVE-2021-29714 MEDIUM
6.5 Aug 09

IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation.

CVE-2019-4092 MEDIUM
6.1 Apr 25

IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect

CVE-2017-1331 MEDIUM
5.4 Aug 04

IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vuln

CVE-2017-1502 MEDIUM
5.4 Sep 07

IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS

CVE-2017-1282 MEDIUM
5.4 May 22

IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this v

CVE-2017-1146 MEDIUM
5.4 Mar 20

IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vul

Share

CVE-2015-1888 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy