Ibm

Content Navigator

38 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2024-51475

  • EPSS 0.06%
  • Veröffentlicht 16.05.2025 01:15:51
  • Zuletzt bearbeitet 04.06.2025 20:02:45

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

5.4

CVE-2024-56341

  • EPSS 0.03%
  • Veröffentlicht 02.04.2025 15:15:57
  • Zuletzt bearbeitet 13.08.2025 00:33:27

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cr...

5.4

CVE-2023-35896

  • EPSS 0.05%
  • Veröffentlicht 03.11.2023 03:15:07
  • Zuletzt bearbeitet 21.11.2024 08:08:56

IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X...

5.4

CVE-2023-40684

  • EPSS 0.07%
  • Veröffentlicht 04.10.2023 14:15:10
  • Zuletzt bearbeitet 21.11.2024 08:19:58

IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential...

8.8

CVE-2022-43581

  • EPSS 0.14%
  • Veröffentlicht 07.12.2022 18:15:10
  • Zuletzt bearbeitet 21.11.2024 07:26:49

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Forc...

6.5

CVE-2021-29714

  • EPSS 0.2%
  • Veröffentlicht 09.08.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 06:01:41

IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. IBM X-Force ID: 200968.

5.4

CVE-2021-20448

  • EPSS 0.14%
  • Veröffentlicht 27.04.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 05:46:36

IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

5.4

CVE-2021-20549

  • EPSS 0.16%
  • Veröffentlicht 27.04.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 05:46:45

IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

5.4

CVE-2021-20550

  • EPSS 0.16%
  • Veröffentlicht 27.04.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 05:46:45

IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

4.3

CVE-2020-4934

  • EPSS 0.16%
  • Veröffentlicht 02.02.2021 15:15:16
  • Zuletzt bearbeitet 21.11.2024 05:33:26

IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 1917...