CVE-2014-0874

Low

Low Medium High Critical

CVSS Score

Published: Feb 28, 2014

Last Modified: Apr 29, 2026

Vulnerability Description

Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter.

Known Affected Software

3 configuration(s) from 1 vendor(s)

content_navigator

Version:

2.0.0

CPE:

cpe:2.3:a:ibm:content_navigator:2.0.0:*:*:*:*:*:*:*

content_navigator

Version:

2.0.2

CPE:

cpe:2.3:a:ibm:content_navigator:2.0.2:*:*:*:*:*:*:*

content_navigator

Version:

2.0.1

CPE:

cpe:2.3:a:ibm:content_navigator:2.0.1:*:*:*:*:*:*:*

This vulnerability affects 3 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

out of 10.0

Low

Weakness Type (CWE)

CWE-79 Top 25 #1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Exploit Likelihood: High
Typical Severity: Medium
OWASP Top 10: A03:2021-Injection
Abstraction Level: Base