This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.
"}],"value":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent. \n\nThe XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. \n\nThis issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26."}],"impacts":[{"capecId":"CAPEC-63","descriptions":[{"lang":"en","value":"CAPEC-63 Cross-Site Scripting (XSS)"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"AUTOMATIC","Safety":"NEGLIGIBLE","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"LOCAL","baseScore":1.8,"baseSeverity":"LOW","privilegesRequired":"HIGH","providerUrgency":"RED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"CONCENTRATED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:C/RE:M/U:Red","version":"4.0","vulnAvailabilityImpact":"LOW","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"f81092c5-7f14-476d-80dc-24857f90be84","shortName":"OpenText","dateUpdated":"2024-10-28T18:52:59.971Z"},"references":[{"url":"https://portal.microfocus.com/s/article/KM000035731?language=en_US"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"OpenText™ Operations Agent (OA) Security Bulletin - A low severity stored XSS vulnerability has been discovered.\n\n