Abstract Advisory Information
Security issue affecting the product IBM CONTENT NAVIGATOR, the feature to add a document is vulnerable to stored Cross Site Scripting attack if the document added is an HTML file.
IBM Support Reference: 2003928
IBM Security Bulletin:
Authors: Dominique Righetto
Versions 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 3.0.0
Common Vulnerability Scoring System
The vulnerability is fixed is the following VRMF (contact customer support center for the fix and instructions):
Vulnerability Disclosure Timeline
- 2017-04-13: Security note sent to IBM Product Security Incident Response Team about the vulnerability.
- 2017-04-13: Acknowledge from IBM Product Security Incident Response Team about reception of our note.
- 2017-05-18: Acknowledge from IBM Product Security Incident Response Team about the issue validity and start working on a fix (CVE ID created by IBM).
- 2017-08-03: Publishing of the security bulletin by IBM indicating the availability of patches.
- 2017-08-04: Publishing of the Security Advisory.