XSS in Ibm Content_navigator
CVE-2014-0874
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (40.3th percentile) — read the EPSS interpretation.
Affected products
- Ibm Content_navigator — versions 2.0.0, 2.0.1, 2.0.2
- N/a — versions n/a
Weakness classification (CWE)
References
- psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
- 65852 (vdb-entry, x_refsource_BID)
- psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
- ibm-cn-cve20140874-xss(91002) (vdb-entry, x_refsource_XF)
- 1030011 (vdb-entry, x_refsource_SECTRACK)