logo
Vulnerability feed
Contributors
About
Blog
CONTRIBUTE

Vulnerability

warn

CVE-2022-45928

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2022-45928

Description:
A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript code in HTML files, it is possible for an attacker to execute Oscript code. The Oscript scripting language allows the attacker (for example) to manipulate files on the filesystem, create new network connections, or execute OS commands.
Last updated date:
01/25/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
01/25/2023
Reference url to background

http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html

Type:
exploit
Confidence:
HIGH
Date of publishing:
01/25/2023
Reference url to background

http://seclists.org/fulldisclosure/2023/Jan/14

Type:
exploit
Confidence:
HIGH
Date of publishing:
01/25/2023
Reference url to background

https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy