CVE-2024-12863

Severity CVSS v4.0:

MEDIUM

Type:

CWE-79 Cross-Site Scripting (XSS)

Publication date:

21/04/2025

Last modified:

23/04/2025

Description

Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system.

Impact

Vector 4.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N CVSS v4.0 Severity and Metrics:

Base Score: 5.60 MEDIUM
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Attack Requirements (AT): Present
Privileges Required (PR): High
User Interaction (UI): Active
Confidentiality (VC): Low
Integrity (VI): High
Availability (VA): None
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None

Base Score 4.0

5.60

Severity 4.0

MEDIUM

References to Advisories, Solutions, and Tools

https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0839121