A stored XSS vulnerability has been discovered on OpenText™ Operations Agent (OA).
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent.
The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system.
This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.
Problem Types
| Type | CWE ID | Description |
|---|
| CWE | CWE-79 | CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') |
Type: CWE
Description: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Metrics
| Version | Base score | Base severity | Vector |
|---|
| 4.0 | 1.8 | LOW | CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:C/RE:M/U:Red |
Version: 4.0
Base score: 1.8
Base severity: LOW
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:C/RE:M/U:Red
Impacts
| CAPEC ID | Description |
|---|
| CAPEC-63 | CAPEC-63 Cross-Site Scripting (XSS) |
Description: CAPEC-63 Cross-Site Scripting (XSS)