IBM Content Navigator Website Allows Malicious Code Injection

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.4

IBM Content Navigator Website Allows Malicious Code Injection

CVE-2026-1243

Summary

Authenticated users can add malicious JavaScript code to the IBM Content Navigator website, potentially allowing them to access sensitive information. This could happen even when a user is already logged in and trusted. To fix the issue, update to a version of IBM Content Navigator that is not vulnerable.

Original title

Original description

IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

nvd CVSS3.1 5.4

https://www.ibm.com/support/pages/node/7268006

Published: 2 Apr 2026 · Updated: 2 Apr 2026 · First seen: 2 Apr 2026