CVE-2025-13672

High CVSS: 7.0

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the page, so that malicious scripts could be executed on the client side.

This issue affects Web Site Management Server: 16.7.0, 16.7.1.

Vendor

Opentext

Product

Web Site Management Server

CWE

CWE-79

Yayın Tarihi

2026-02-19 23:16:15

Güncelleme

2026-02-27 23:55:48

Source Identifier

security@opentext.com

KEV Date Added

Kategoriler

CWE-79 Web Site Management Server HIGH Opentext 2026

Referanslar

https://support.opentext.com/csm/en?id=ot_kb_unauthenticated&sysparm_article=KB0854847 https://github.com/MarioTesoro/vulnerability-research/blob/main/CVE-2025-13672/README.md

Benzer Kayıtlar

High

CVE-2026-3278

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks…

High

CVE-2026-3266

Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauth…

High

CVE-2025-8054

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText™ XM Fax allows…

Medium

CVE-2025-8055

Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. The vulnerabi…

High

CVE-2025-9208

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ W…

Medium

CVE-2026-1658

User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache…