Description
IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037704
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21660223
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/88358
Scores
EPSS
0.0180
EPSS Percentile
75.9%
Details
CWE
CWE-20
Status
published
Products (3)
ibm/content_navigator
2.0.0
ibm/content_navigator
2.0.1
ibm/content_navigator
2.0.2
Published
Dec 19, 2013
Tracked Since
Feb 18, 2026