Lucene search

IbmVULNRICHMENT:CVE-2023-40684

HistoryOct 04, 2023 - 1:38 p.m.

CVE-2023-40684 IBM Content Navigator cross-site scripting

2023-10-0413:38:40

CWE-79

ibm

github.com

ibm

content navigator

cross-site scripting

vulnerability

javascript

credentials disclosure

x-force id

CVSS3

4.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

AI Score

6.1

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 264019.

References

exchange.xforce.ibmcloud.com/vulnerabilities/264019

https://www.ibm.com/support/pages/node/7046226