Reflected cross-site scripting issue using the “Accept-Language” header parameter affects IBM Content Navigator.
CVEID: CVE-2014-8911
DESCRIPTION: IBM Content Navigator is vulnerable to reflected cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/99252 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
IBM Content Navigator 2.0.3, 2.0.2, 2.0.1, and 2.0.0
IBM Content Navigator is a component that is available to customers in these products (and the products that contain them):
Version 2.0.3 Apply fix pack 2.0.3.2-ICN-FP002, or higher
Version 2.0.2 Apply fix pack 2.0.2.7-ICN-FP007, or higher
Version 2.0.1 Apply fix pack 2.0.1.2-ICN-FP002 and iFix 2.0.1.2-ICN-IF003
Version 2.0.0 Upgrade to Version 2.0.3 and apply fix pack 2.0.3.2-ICN-FP002, or higher
N/A
CPE

Name | Operator | Version |
---|---|---|
ibm content navigator | eq | 2.0.3 |
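
For the flaw class described above (an `Accept-Language` value reaching the page without validation), the general server-side defence is to accept only values that match the header grammar and to encode whatever is written into HTML. The Python below is an added example, not IBM's fix or Content Navigator code; the function names, the 256-character cap and the `en` default are assumptions, and any header values used with it are constructed.

```python
import html
import re

# RFC 4647 basic language-range: "*" or 1-8 letters plus "-"-separated subtags.
_RANGE = re.compile(r"\*|[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*")
# q-value grammar: 0 to 1 with at most three decimals.
_QVALUE = re.compile(r"0(?:\.[0-9]{0,3})?|1(?:\.0{0,3})?")
MAX_HEADER_LEN = 256  # assumption: cap chosen for this example


def parse_accept_language(header, default="en"):
    """Return well-formed language ranges ordered by q-value.

    Items that do not match the grammar are dropped, so markup or script
    text placed in the header never reaches the caller.
    """
    if not header or len(header) > MAX_HEADER_LEN:
        return [default]
    accepted = []
    for position, item in enumerate(header.split(",")):
        parts = [p.strip() for p in item.split(";")]
        if len(parts) > 2 or not _RANGE.fullmatch(parts[0]):
            continue
        q = 1.0
        if len(parts) == 2:
            name, _, value = parts[1].partition("=")
            value = value.strip()
            if name.strip().lower() != "q" or not _QVALUE.fullmatch(value):
                continue
            q = float(value)
        if q > 0:
            # Sort by descending q, then by original position.
            accepted.append((-q, position, parts[0]))
    return [tag for _, _, tag in sorted(accepted)] or [default]


def render_html_open_tag(header, default="en"):
    """Build the <html> tag from the header, encoding on output as well."""
    ranges = parse_accept_language(header, default)
    lang = next((tag for tag in ranges if tag != "*"), default)
    # Defence in depth: escape even though the grammar already excludes
    # quotes and angle brackets.
    return '<html lang="{}">'.format(html.escape(lang, quote=True))
```

Validation and output encoding are both kept on purpose: the grammar check protects every consumer of the parsed value, and the encoding protects the page if the grammar is ever loosened.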