CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38119 – Possible Reflected Cross-Site Scripting (XSS) Vulnerability in OpenText iManager
https://notcve.org/view.php?id=CVE-2021-38119
22 Nov 2024 — Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. • https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38134 – Possible Reflected and Stored XSS in OpenText iManager
https://notcve.org/view.php?id=CVE-2021-38134
22 Nov 2024 — Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.5.0000. • https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38135 – Possible External service interaction Vulnerability in OpenText iManager
https://notcve.org/view.php?id=CVE-2021-38135
22 Nov 2024 — Possible External Service Interaction attack in iManager has been discovered in OpenText™ iManager 3.2.6.0000. • https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html • CWE-406: Insufficient Control of Network Message Volume (Network Amplification) CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26324 – Possible XSS in iManager URL for access Component
https://notcve.org/view.php?id=CVE-2022-26324
22 Nov 2024 — Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.6.0000. Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.6.0000. • https://www.netiq.com/documentation/imanager-32/pdfdoc/imanager326_patch1_releasenotes/imanager326_patch1_releasenotes.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24466 – Possible XML External Entity Injection in OpenText iManager
https://notcve.org/view.php?id=CVE-2023-24466
22 Nov 2024 — Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200. Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200. • https://www.netiq.com/documentation/imanager-32/pdfdoc/imanager326_patch3_releasenotes/imanager326_patch3_releasenotes.pdf • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24467 – Possible Command Injection in OpenText iManager
https://notcve.org/view.php?id=CVE-2023-24467
22 Nov 2024 — Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000. Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000. • https://www.netiq.com/documentation/imanager-32/pdfdoc/imanager326_patch3_releasenotes/imanager326_patch3_releasenotes.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10923 – Improper Neutralization vulnerability has been discovered in OpenText™ ALM Octane Management.
https://notcve.org/view.php?id=CVE-2024-10923
12 Nov 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ ALM Octane Management allows Stored XSS. The vulnerability could result in a remote code execution attack. This issue affects ALM Octane Management: from 16.2.100 through 24.4. Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ ALM Octane Management allows Stored XSS. The vulnerability could result in a remote code executio... • https://portal.microfocus.com/s/article/KM000036146?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9841 – OpenText ArcSight Management Center and ArcSight Platform Stored XSS
https://notcve.org/view.php?id=CVE-2024-9841
08 Nov 2024 — A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited. • https://portal.microfocus.com/s/article/KM000035977 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-5532 – A stored XSS vulnerability has been discovered on OpenText™ Operations Agent (OA).
https://notcve.org/view.php?id=CVE-2024-5532
28 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent. The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26. • https://portal.microfocus.com/s/article/KM000035731?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32266 – Code injection vulnerability found in OpenText Application Lifecycle Management (ALM),Quality Center.
https://notcve.org/view.php?id=CVE-2023-32266
16 Oct 2024 — Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation. This issue affects Application Lifecycle Management (ALM),Quality Center: 15.00, 15.01, 15.01 P1, 15.01 P2, 15.01 P3, 15.01 P4, 15.01 P5, 15.51, 15.51 P1, 15.51 P2, 15.51 P3, 16.00, 16.01 P1. La vulnerabilidad de ruta de búsqueda no confiable en OpenText™ Application Lifecycle Managem... • https://portal.microfocus.com/s/article/KM000024386?language=en_US • CWE-426: Untrusted Search Path •