cbcvebase.
CVE-2022-45928
published 2023-01-18

CVE-2022-45928: A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter…

PriorityP357high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.74%
74.9th percentile
A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript code in HTML files, it is possible for an attacker to execute Oscript code. The Oscript scripting language allows the attacker (for example) to manipulate files on the filesystem, create new network connections, or execute OS commands.

Affected

1 ranges
VendorProductVersion rangeFixed in
opentextopentext_extended_ecm16.2.2 – 22.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.