anonhaven
Ad

CVE-2026-1243

MEDIUM CVSS 3.1: 5.4 EPSS 0.03%
Updated Apr 07, 2026
Microsoft
Parameter Value
CVSS 5.4 (MEDIUM)
Type CWE-79 (Cross-Site Scripting (XSS))
Vendor Microsoft
Public PoC No

IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

Vulnerable Products 6

Configuration From (including) Up to (excluding)
Ibm Content_Navigator
cpe:2.3:a:ibm:content_navigator:3.0.15:-:*:*:*:*:*:*
Ibm Content_Navigator
cpe:2.3:a:ibm:content_navigator:3.1.0:-:*:*:*:*:*:*
Ibm Content_Navigator
cpe:2.3:a:ibm:content_navigator:3.2.0:-:*:*:*:*:*:*
Ibm Aix
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Windows
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References 1

https://www.ibm.com/support/pages/node/7268006
psirt@us.ibm.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-6318

Linux

8.8

CVE-2026-6317

Linux

8.8

CVE-2026-6316

Linux

8.8

CVE-2026-6314

Linux

8.3

CVE-2026-6313

Linux

3.1