CVE-2024-51475 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in IBM Content Navigator

CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

CNA5.4

EPSS

0.1%

top 73.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Content Navigator

Timeline

PublishedMay 16

Description

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5ibm/content_navigator3.0.11, 3.0.15, 3.1.0+2

▶NVDibm/content_navigator3.0.11, 3.0.15, 3.1.0+2

🔴Vulnerability Details

CVEList

IBM Content Navigator HTML injection↗2025-05-16

▶

GHSA

GHSA-qmpm-vw3w-fpxq: IBM Content Navigator 3↗2025-05-16

▶