Content Navigator
by IBM
CVEs (14)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-1243 | Med | 0.35 | 5.4 | 0.00 | Apr 2, 2026 | IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |
| CVE-2017-1522 | Med | 0.35 | 5.4 | 0.00 | Oct 5, 2017 | IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129832. | |
| CVE-2017-1502 | Med | 0.35 | 5.4 | 0.00 | Sep 7, 2017 | IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129577. | |
| CVE-2017-1331 | Med | 0.35 | 5.4 | 0.00 | Aug 4, 2017 | IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126233. | |
| CVE-2017-1282 | Med | 0.35 | 5.4 | 0.00 | May 22, 2017 | IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124760. | |
| CVE-2017-1146 | Med | 0.35 | 5.4 | 0.00 | Mar 20, 2017 | IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999736. | |
| CVE-2025-27906 | 0.00 | — | 0.00 | Oct 14, 2025 | IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified. | ||
| CVE-2024-51475 | 0.00 | — | 0.00 | May 16, 2025 | IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | ||
| CVE-2024-56341 | 0.00 | — | 0.00 | Apr 2, 2025 | IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||
| CVE-2015-1888 | 0.00 | — | 0.00 | Oct 3, 2015 | Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in Content Manager, FileNet Content Manager, Content Foundation, Content Manager OnDemand, and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | ||
| CVE-2014-8911 | 0.00 | — | 0.00 | Feb 14, 2015 | Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header. | ||
| CVE-2014-0874 | 0.00 | — | 0.00 | Feb 28, 2014 | Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter. | ||
| CVE-2014-0858 | 0.00 | — | 0.00 | Feb 27, 2014 | IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL. | ||
| CVE-2013-5462 | 0.00 | — | 0.00 | Dec 19, 2013 | IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements. |
- risk 0.35cvss 5.4epss 0.00
IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
- risk 0.35cvss 5.4epss 0.00
IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129832.
- risk 0.35cvss 5.4epss 0.00
IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129577.
- risk 0.35cvss 5.4epss 0.00
IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126233.
- risk 0.35cvss 5.4epss 0.00
IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124760.
- risk 0.35cvss 5.4epss 0.00
IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999736.
- CVE-2025-27906Oct 14, 2025risk 0.00cvss —epss 0.00
IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified.
- CVE-2024-51475May 16, 2025risk 0.00cvss —epss 0.00
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
- CVE-2024-56341Apr 2, 2025risk 0.00cvss —epss 0.00
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
- CVE-2015-1888Oct 3, 2015risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in Content Manager, FileNet Content Manager, Content Foundation, Content Manager OnDemand, and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
- CVE-2014-8911Feb 14, 2015risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header.
- CVE-2014-0874Feb 28, 2014risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter.
- CVE-2014-0858Feb 27, 2014risk 0.00cvss —epss 0.00
IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL.
- CVE-2013-5462Dec 19, 2013risk 0.00cvss —epss 0.00
IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements.