CVE-2026-3278

High CVSS: 7.4

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks Service Desk allows Cross-Site Scripting (XSS). The vulnerability could allow an attacker to execute arbitrary JavaScript leading to unauthorized actions on behalf of the user.This issue affects ZENworks Service Desk: 25.2, 25.3.

Vendor

Opentext

Product

Zenworks Service Desk

CWE

CWE-79

Yayın Tarihi

2026-03-18 14:16:40

Güncelleme

2026-03-19 14:57:16

Source Identifier

security@opentext.com

KEV Date Added

Kategoriler

CWE-79 Zenworks Service Desk HIGH Opentext 2026

Referanslar

https://portal.microfocus.com/s/article/KM000045873?language=en_US

Benzer Kayıtlar

High

CVE-2026-3266

Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauth…

High

CVE-2025-13672

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ W…

High

CVE-2025-8054

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText™ XM Fax allows…

Medium

CVE-2025-8055

Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. The vulnerabi…

High

CVE-2025-9208

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ W…

Medium

CVE-2026-1658

User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache…