High
CVSS: 7.4
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks Service Desk allows Cross-Site Scripting (XSS). The vulnerability could allow an attacker to execute arbitrary JavaScri…
High
CVSS: 8.3
Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to obtain an XSRF token and perform RPC calls with carefully crafted programs.
This issue affects Filr: through 25.1.2.
Medium
CVSS: 5.3
User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning.
The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText applicati…
High
CVSS: 7.5
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when t…
Medium
CVSS: 5.3
Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery.
The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server.
This issue af…
High
CVSS: 7.1
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText™ XM Fax allows Path Traversal.
The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesy…
High
CVSS: 7.0
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL…
Medium
CVSS: 5.9
Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with an active session inside the product, click on a page that contains this malic…
Medium
CVSS: 5.3
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal.
The vulnerability could allow a user to access files hosted on the server.
This issue affects Flipper: 3.1.2.
Low
CVSS: 1.0
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API withou…
Low
CVSS: 1.0
SQL Injection vulnerability in opentext Flipper allows SQL Injection.
The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor.
This issue…
Medium
CVSS: 5.3
Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal.
The vulnerability could allow a user to access files hosted on the server.
This issue affects Flipper: 3.1.2.
Low
CVSS: 2.3
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the applic…
Medium
CVSS: 5.3
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the st…