Unrated severityNVD Advisory· Published Jan 18, 2023· Updated Apr 4, 2025
CVE-2022-45928
CVE-2022-45928
Description
A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript code in HTML files, it is possible for an attacker to execute Oscript code. The Oscript scripting language allows the attacker (for example) to manipulate files on the filesystem, create new network connections, or execute OS commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- OpenText/Content Suite Platformdescription
- Range: = 22.1 (16.2.19.1803)
Patches
Vulnerability mechanics
References
3- seclists.org/fulldisclosure/2023/Jan/14mitremailing-list
- packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.htmlmitre
- sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/mitre
News mentions
0No linked articles in our index yet.