Cross-site scripting (XSS) vulnerability in OpenText Portal v7.4.4 allows remote attackers to inject arbitrary web script or HTML code via the vgnextoid URI parameter.
Attack vector: Javascript injection in vgnextoid parameter preceded of "-->" (html comment closing sequence)
RESULT:
Found by Héctor Sainz