Vulnerabilities > Opentext > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-12 | CVE-2021-22518 | Information Exposure Through Log Files vulnerability in Opentext Identity Manager Azuread Driver A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into log file. | 5.5 |
| 2024-08-05 | CVE-2024-6361 | Cross-site Scripting vulnerability in Opentext ALM Octane Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. | 5.4 |
| 2024-07-31 | CVE-2024-4187 | Cross-site Scripting vulnerability in Opentext Filr 24.1.1/24.2 Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2. | 5.4 |
| 2024-02-15 | CVE-2023-6123 | Cross-site Scripting vulnerability in Opentext ALM Octane Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack. | 6.1 |
| 2024-01-29 | CVE-2023-4553 | Unspecified vulnerability in Opentext Appbuilder 21.2 Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. AppBuilder configuration files are viewable by unauthenticated users. This issue affects AppBuilder: from 21.2 before 23.2. | 5.3 |
| 2024-01-29 | CVE-2023-4554 | XXE vulnerability in Opentext Appbuilder 21.2 Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2. | 6.5 |
| 2021-02-26 | CVE-2021-3010 | Cross-site Scripting vulnerability in Opentext Content Server 20.3 There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. | 5.4 |
| 2019-03-22 | CVE-2018-20165 | Cross-site Scripting vulnerability in Opentext Portal 7.4.4 Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI. | 6.1 |
| 2019-03-21 | CVE-2019-7416 | Open Redirect vulnerability in Opentext Documentum Webtop 5.3 XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. | 6.1 |
| 2018-04-11 | CVE-2018-7660 | Cross-site Scripting vulnerability in Opentext Documentum D2 4.6.0030 In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Reflected Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via the servlet/Download _docbase or _username parameter. | 5.4 |