CVE-2018-20165
CVE-2018-20165 describes a cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4. The issue arises from insufficient validation of client-side data, enabling an attacker to inject arbitrary script or HTML via the vgnextoid parameter in a menuitem URI. Documents consistently reference ...