CVE-2022-45928

Published: 18/01/2023 Updated: 25/01/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

A remote OScript execution issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes OScript code in HTML files, a malicious user can execute OScript code. The OScript scripting language allows the attacker (for example) to manipulate files on the filesystem, create new network connections, or execute OS commands.

Vulnerable Product

opentext opentext extended ecm

Exploits

OpenText Extended ECM versions 16.2.2 through 22.3 suffer from arbitrary file deletion, information disclosure, local file inclusion, and privilege escalation vulnerabilities ...