CVE-2024-9841 – OpenText ArcSight Management Center and ArcSight Platform Stored XSS
https://notcve.org/view.php?id=CVE-2024-9841
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited. • https://portal.microfocus.com/s/article/KM000035977 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-5532 – A stored XSS vulnerability has been discovered on OpenText™ Operations Agent (OA).
https://notcve.org/view.php?id=CVE-2024-5532
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent. The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26. • https://portal.microfocus.com/s/article/KM000035731?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-32266 – Code injection vulnerability found in OpenText Application Lifecycle Management (ALM),Quality Center.
https://notcve.org/view.php?id=CVE-2023-32266
Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation. This issue affects Application Lifecycle Management (ALM),Quality Center: 15.00, 15.01, 15.01 P1, 15.01 P2, 15.01 P3, 15.01 P4, 15.01 P5, 15.51, 15.51 P1, 15.51 P2, 15.51 P3, 16.00, 16.01 P1. La vulnerabilidad de ruta de búsqueda no confiable en OpenText™ Application Lifecycle Management (ALM),Quality Center permite la inclusión de código. La vulnerabilidad permite a un usuario archivar archivos DLL maliciosos en el sistema antes de la instalación. • https://portal.microfocus.com/s/article/KM000024386?language=en_US • CWE-426: Untrusted Search Path •
CVE-2021-38131 – Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-38131
Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000. • https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-38132 – Possible External service interaction Vulnerability
https://notcve.org/view.php?id=CVE-2021-38132
Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000. • https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html • CWE-918: Server-Side Request Forgery (SSRF) •