CVE-2021-31504

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 package 16.6.3.134. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...

CVE-2021-31513

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVE-2021-31487

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVE-2021-31494

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVE-2021-31496

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVE-2021-31478

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVE-2021-22532

Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText™ eDirectory before 9.2.4.0000...

CVE-2021-22508

A potential vulnerability has been identified for OpenText Operations Bridge Reporter. The vulnerability could be exploited to inject malicious SQL queries. An attack requires to be an authenticated administrator of OBR with network access to the OBR web application...

CVE-2022-26323

Incorrect Use of Privileged APIs vulnerability in OpenText™ Operations Bridge Manager, OpenText™ Operations Bridge Suite Containerized, OpenText™ UCMDB Classic and Containerized allows Privilege Escalation. The vulnerability could allow authenticated attackers to elevate user privileges. This iss...

CVE-2024-2834

A Stored Cross-Site Scripting XSS vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited...

CVE-2024-2835

A Stored Cross-Site Scripting XSS vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited...

CVE-2025-11884

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in opentext uCMDB allows Stored XSS. The vulnerability could allow an attacker has high level access to UCMDB to create or update data with malicious scripts This issue affects uCMDB: 24.4...

EUVD-2025-198222

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in opentext uCMDB allows Stored XSS. The vulnerability could allow an attacker has high level access to UCMDB to create or update data with malicious scripts This issue affects uCMDB: 24.4...

CVE-2025-11884

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in opentext uCMDB allows Stored XSS. The vulnerability could allow an attacker has high level access to UCMDB to create or update data with malicious scripts This issue affects uCMDB: 24.4...

CVE-2025-11884 Cross-site Scripting vulnerability discovered in OpenText™ Universal Discovery and CMDB

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in opentext uCMDB allows Stored XSS. The vulnerability could allow an attacker has high level access to UCMDB to create or update data with malicious scripts This issue affects uCMDB: 24.4...

OpenText UCMDB 跨站脚本漏洞

OpenText UCMDB is a software from OpenText Canada Inc. It is used to generate and maintain a configuration management database for information technology projects. A cross-site scripting vulnerability exists in OpenText UCMDB version 24.4, which stems from improper input neutralization during web...

PT-2025-47533

Name of the Vulnerable Software and Affected Versions opentext uCMDB version 24.4 Description A flaw exists in opentext uCMDB that allows for Stored Cross-site Scripting XSS. An attacker with high-level access to uCMDB can create or update data containing malicious scripts. The vulnerability aris...

CVE-2025-8050

External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...

CVE-2025-8049

Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application. This issue affects Flipper: 3.1.2...

CVE-2025-8052

SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2...