Improper Neutralization of Input During Web Page... · CVE-2022-26328 · GitHub Advisory Database · GitHub

Improper Neutralization of Input During Web Page...

Low severity Unreviewed Published Aug 21, 2024 to the GitHub Advisory Database • Updated Aug 21, 2024

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText Performance Center on Windows allows Cross-Site Scripting (XSS).This issue affects Performance Center: 12.63.

References

Published by the National Vulnerability Database

Aug 21, 2024

Published to the GitHub Advisory Database Aug 21, 2024

Last updated Aug 21, 2024

Severity

Low

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity High

Attack Requirements None

Privileges Required Low

User interaction Active

Vulnerable System Impact Metrics

Confidentiality None

Integrity Low

Availability Low

Subsequent System Impact Metrics

Confidentiality None

Integrity None

Availability Low

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:Clear