CVE-2024-4187
EUVD-2024-3274331.07.2024, 21:15
Stored XSS vulnerability has been discovered in OpenTextâ„¢ Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| opentext | filr | 24.1.1 |
| opentext | filr | 24.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-356 - Product UI does not Warn User of Unsafe ActionsThe software's user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for attackers to trick users into inflicting damage to their system.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.