CVE-2024-10923

EUVD-2024-33352
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ ALM Octane Management allows Stored XSS. The vulnerability could result in a remote code execution attack. 

This issue affects ALM Octane Management: from 16.2.100 through 24.4.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
opentextalm_octane
16.2.100 ≤
𝑥
≤ 24.4
ADP
Common Weakness Enumeration
References
https://portal.microfocus.com/s/article/KM000036146?language=en_US