Vulnerabilities > IBM > Content Navigator > 2.0.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-10-03 | CVE-2015-1888 | Cross-site Scripting vulnerability in IBM Content Navigator 2.0.2/2.0.3 Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in Content Manager, FileNet Content Manager, Content Foundation, Content Manager OnDemand, and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-02-28 | CVE-2014-0874 | Cross-Site Scripting vulnerability in IBM Content Navigator 2.0.0/2.0.1/2.0.2 Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter. | 3.5 |
2014-02-27 | CVE-2014-0858 | Permissions, Privileges, and Access Controls vulnerability in IBM Content Navigator 2.0.0/2.0.1/2.0.2 IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL. | 3.5 |
2013-12-19 | CVE-2013-5462 | Improper Input Validation vulnerability in IBM Content Navigator 2.0.0/2.0.1/2.0.2 IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements. | 4.3 |