OnDemand User Group
General => Announcements & News => Topic started by: Justin Derrick on April 02, 2015, 05:32:08 AM
-
There were two security bulletins issued April 2nd for Content Navigator ("ICN"), and ICN 2.0.3 FixPack 3 released April 1st (no joke!).
Security Bulletin: IBM Content Navigator is potentially vulnerable to cross-site scripting, caused by improper validation of user-supplied input
http://www-01.ibm.com/support/docview.wss?uid=swg21700205
Security Bulletin: IBM Content Navigator affected by dojox/form/resources/*.swf and dojox/av/resources/*.swf XSS vulnerability
http://www-01.ibm.com/support/docview.wss?uid=swg21696244
Here's the FixPack announcement:
http://www-01.ibm.com/support/knowledgecenter/SSEUEX_2.0.3/readme/icn_fixpack2.0.3.300_readme.html
Stay safe!
-JD.