This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVEID: CVE-2017-1282**
DESCRIPTION:** IBM Content Navigator & CMIS is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124760 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
IBM Content Navigator versions 2.0.3.5 - 2.0.3.8
IBM Content Navigator version 3.0.0
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Content Navigator| 2.0.3.8| Contact customer support center for the fix and instructions
IBM Content Navigator| 3.0.0| Contact customer support center for the fix and instructions
None