CVE-2023-38536 - Vulnerability Details - OpenCVE

HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site scripting.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

Configuration 1 [-]

OR	cpe:2.3:a:opentext:exceed_turbox:12.5.0:::::::*
	cpe:2.3:a:opentext:exceed_turbox:12.5.1:::::::*

No data.

References

Link	Providers
https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0796182

History

No history.

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2024-03-13T21:18:01.493Z

Updated: 2024-08-02T17:46:55.999Z

Reserved: 2023-07-19T17:13:59.075Z

Link: CVE-2023-38536

Vulnrichment

Updated: 2024-08-02T17:46:55.999Z

NVD

Status : Analyzed

Published: 2024-03-13T22:15:08.710

Modified: 2026-06-17T06:10:40.823

Link: CVE-2023-38536

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38536", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2023-07-19T17:13:59.075Z", "datePublished": "2024-03-13T21:18:01.493Z", "dateUpdated": "2024-08-02T17:46:55.999Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Exceed Turbo X", "vendor": "OpenText\u2122", "versions": [{"status": "affected", "version": "12.5.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "HTML injection in OpenText\u2122 Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site scripting.  "}], "value": "HTML injection in\u00a0OpenText\u2122\u00a0Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site scripting.\u00a0\u00a0"}], "impacts": [{"capecId": "CAPEC-6", "descriptions": [{"lang": "en", "value": "CAPEC-6 Argument Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-03-13T21:18:01.493Z"}, "references": [{"url": "https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0796182"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0796182\">https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0796182</a>\n\n\n\n<br>"}], "value": " https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0796182 \n\n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38536", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-14T15:09:16.445312Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:28:28.837Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:46:55.999Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0796182", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0796182", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:46:55.999Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38536", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-14T15:09:16.445312Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:17.720Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-6", "descriptions": [{"lang": "en", "value": "CAPEC-6 Argument Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenText\u2122", "product": "Exceed Turbo X", "versions": [{"status": "affected", "version": "12.5.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": " https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0796182 \n\n", "supportingMedia": [{"type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0796182\">https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0796182</a>\n\n\n\n<br>", "base64": false}]}], "references": [{"url": "https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0796182"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "HTML injection in\u00a0OpenText\u2122\u00a0Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site scripting.\u00a0\u00a0", "supportingMedia": [{"type": "text/html", "value": "HTML injection in OpenText\u2122 Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site scripting.  ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-03-13T21:18:01.493Z"}}}, "cveMetadata": {"cveId": "CVE-2023-38536", "state": "PUBLISHED", "dateUpdated": "2024-08-02T17:46:55.999Z", "dateReserved": "2023-07-19T17:13:59.075Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2024-03-13T21:18:01.493Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}

{"affected": [{"affectedData": [{"defaultStatus": "unaffected", "product": "Exceed Turbo X", "vendor": "OpenText\u2122", "versions": [{"status": "affected", "version": "12.5.1"}]}], "source": "security@opentext.com"}], "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opentext:exceed_turbox:12.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE9861EE-FAF9-4471-BF27-46E7A8B8F8B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:opentext:exceed_turbox:12.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "69487C36-3ED3-4271-A55B-0A98D555BB02", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HTML injection in\u00a0OpenText\u2122\u00a0Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site scripting.\u00a0\u00a0"}, {"lang": "es", "value": "Inyecci\u00f3n de HTML en OpenText\u2122 Exceed Turbo X que afecta a la versi\u00f3n 12.5.1. La vulnerabilidad podr\u00eda provocar Cross Site Scripting."}], "id": "CVE-2023-38536", "lastModified": "2026-06-17T06:10:40.823", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.5, "source": "security@opentext.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2023-38536", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2024-03-14T15:09:16.445312Z", "version": "2.0.3"}}]}, "published": "2024-03-13T22:15:08.710", "references": [{"source": "security@opentext.com", "tags": ["Permissions Required"], "url": "https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0796182"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0796182"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@opentext.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}