Opentext : Security Vulnerabilities, CVEs, (XSS)
There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized.
Max CVSS
5.4
EPSS Score
0.09%
Published
2021-02-26
Updated
2021-03-04
XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable.
Max CVSS
6.1
EPSS Score
0.55%
Published
2019-03-21
Updated
2019-03-22
Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI.
Max CVSS
6.1
EPSS Score
0.12%
Published
2019-03-22
Updated
2019-03-25
In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Reflected Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via the servlet/Download _docbase or _username parameter.
Max CVSS
5.4
EPSS Score
0.06%
Published
2018-04-11
Updated
2018-05-16
In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file.
Max CVSS
5.4
EPSS Score
0.06%
Published
2018-04-11
Updated
2018-05-16
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id).
Max CVSS
6.1
EPSS Score
0.11%
Published
2017-10-03
Updated
2017-10-11
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId.
Max CVSS
6.1
EPSS Score
0.11%
Published
2017-10-03
Updated
2017-10-11
Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image.
Max CVSS
6.1
EPSS Score
0.11%
Published
2017-05-10
Updated
2017-05-17
Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext parameter to userdashboard.jsp.
Max CVSS
4.3
EPSS Score
0.26%
Published
2015-08-20
Updated
2018-10-09
Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx, and (5) support parameters to livelinkdav/nodes/OOB_DAVWindow.html.
Max CVSS
4.3
EPSS Score
0.29%
Published
2012-11-26
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input.
Max CVSS
4.3
EPSS Score
0.25%
Published
2008-02-14
Updated
2017-08-08
11 vulnerabilities found