CVE-2024-5532

MEDIUM

Microfocus Operations Agent < 12.26 - XSS

Title source: rule

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent. The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.

References (1)

[Vendor Advisory] https://portal.microfocus.com/s/article/KM000035731?language=en_US

Scores

CVSS v3 4.8

EPSS 0.0018

EPSS Percentile 38.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (1)

microfocus/operations_agent < 12.26

Timeline

Published Oct 28, 2024

Tracked Since Feb 18, 2026