CVE-2025-9208

High CVSS: 7.5

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data.

This issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1.

Vendor

Opentext

Product

Web Site Management Server

CWE

CWE-79

Yayın Tarihi

2026-02-19 23:16:15

Güncelleme

2026-02-27 23:49:59

Source Identifier

security@opentext.com

KEV Date Added

Kategoriler

CWE-79 Web Site Management Server HIGH Opentext 2026

Referanslar

https://support.opentext.com/csm/en?id=ot_kb_unauthenticated&sysparm_article=KB0854844 https://github.com/MarioTesoro/vulnerability-research/blob/main/CVE-2025-9208/README.md

Benzer Kayıtlar

High

CVE-2026-3278

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks…

High

CVE-2026-3266

Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauth…

High

CVE-2025-13672

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ W…

High

CVE-2025-8054

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText™ XM Fax allows…

Medium

CVE-2025-8055

Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. The vulnerabi…

Medium

CVE-2026-1658

User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache…