CVE-2024-10865 CRITICAL

CVE-2024-10865: Reflected Cross-Site Scripting vulnerability in OpenText Advanced Authentication

Vendor Opentext

Product Advance Authentication

Weakness CWE-79 · XSS

Published May 14, 2025

Last update May 20, 2025

View on NVD All CVEs

CVSS base score

9.4/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:N/U:Amber

What the vulnerability does

01Description

Improper Input validation leads to XSS or Cross-site Scripting vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5.

Key dates

02Disclosure timeline

May 14, 2025 CVE published

May 20, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-10865 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-22295 WordPress Tripetto plugin <= 8.0.6 - Cross Site Scripting (XSS) vulnerability CVE-2025-24675 WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 7.2 - Cross Site Scripting (XSS) vulnerability CVE-2024-51831 WordPress Persian Nested Show/Hide Text plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability CVE-2021-47839 Marky 0.0.1 - Persistent Cross-Site Scripting CVE-2024-10792 Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels <= 3.5.5 - Reflected Cross-Site Scripting