
CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized.
• https://www.exploit-db.com/exploits/49578
• https://www.opentext.com/products-and-solutions/products/enterprise-content-management/content-management
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. The share is used to retrieve documents for processing, and to store processed documents for display in the browser.
• https://packetstormsecurity.com/files/150125/Brava-Enterprise-Server-16.4-Information-Disclosure.html
• CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI.
• https://github.com/hect0rS/Reflected-XSS-on-Opentext-Portal-v7.4.4/blob/master/readme.md
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable. OpenText Documentum Webtop version 5.3.SP2 suffers from an open redirection vulnerability.
• http://packetstormsecurity.com/files/151582/OpenText-Documentum-Webtop-5.3-SP2-Open-Redirect.html
• http://seclists.org/fulldisclosure/2019/Feb/26
• https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Reflected Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via the servlet/Download _docbase or _username parameter.
• https://vipinxsec.blogspot.com/2018/04/reflected-xss-in-documentum-d2.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')