CVE-2026-1243

EUVD-2026-18112 MEDIUM

2026-04-02 ibm

GHSA-x8pv-gc6r-gh6r

5.4

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Apr 02, 2026 - 01:00 vuln.today

EUVD ID Assigned

Apr 02, 2026 - 01:00 euvd

EUVD-2026-18112

Patch Released

Apr 02, 2026 - 01:00 nvd

Patch available

CVE Published

Apr 02, 2026 - 00:14 nvd

MEDIUM 5.4

Description

IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Analysis

Authenticated stored cross-site scripting (XSS) in IBM Content Navigator versions 3.0.15, 3.1.0, and 3.2.0 allows logged-in users to inject arbitrary JavaScript into the Web UI, potentially enabling credential theft or session hijacking within trusted browser contexts. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting exposure to insider threats and social engineering scenarios where victims click attacker-controlled links. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +27

POC: 0

CVE-2026-1243 vulnerability details – vuln.today

Back

CVE-2026-1243

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-1243

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code