Skip to main content

Filenet Content Manager CVE-2018-1555

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2018-07-06 psirt@us.ibm.com
5.4
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 06, 2018 - 14:29 nvd
MEDIUM 5.4

DescriptionNVD

IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142892.

AnalysisAI

IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142892. Affected products include: Ibm Filenet Content Manager, Ibm Content Foundation.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2020-4759 HIGH
7.8 Nov 09

IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. Rated high severity (CVSS 7.8),

CVE-2018-1844 HIGH
7.1 Oct 12

IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processin

CVE-2018-1542 HIGH
7.1 Jul 06

IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform

CVE-2023-35905 MEDIUM
5.4 Oct 04

IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. Rated medium severity (CVSS

CVE-2020-4447 MEDIUM
5.4 Jul 23

IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), thi

CVE-2018-1556 MEDIUM
5.4 Jul 06

IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), thi

CVE-2019-4572 MEDIUM
4.4 Oct 14

IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations, could log the web service user credentials into

CVE-2013-5449 MEDIUM
4.3 Dec 04

Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable

CVE-2013-6746 MEDIUM
4.3 Jan 22

Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.

CVE-2014-4763 LOW
3.5 Sep 15

Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x bef

Share

CVE-2018-1555 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy