1935 matches found
CVE-2025-8054
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in OpenText™ XM Fax allows Path Traversal. The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. This issue affects XM Fax: 24.2...
CVE-2025-13672
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the...
CVE-2025-8055
Server-Side Request Forgery SSRF vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2...
CVE-2025-13672
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the...
CVE-2025-13671
Cross-Site Request Forgery CSRF vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously. This...
CVE-2026-1658
OpenText Directory Services (20.4.1–25.2) contains CVE-2026-1658: a UI misrepresentation of critical information can enable cache poisoning, potentially misleading users. Affected components are within OpenText Directory Services could present manipulated text, with impact described as low integr...
CVE-2026-1658 Content spoofing vulnerability discovered in OpenText™ Directory Services
User Interface UI Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Director...
CVE-2026-1658 Content spoofing vulnerability discovered in OpenText™ Directory Services
User Interface UI Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Director...
CVE-2025-9208 Stored-XSS vulnerability discovered in OpenText WSM Management Server.
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL,...
CVE-2025-9208 Stored-XSS vulnerability discovered in OpenText WSM Management Server.
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL,...
CVE-2025-9208
OpenText Web Site Management Server contains a stored XSS vulnerability (CVE-2025-9208) in the web page generation flow triggered by the download query parameter removal from a file URL. Affected versions are Web Site Management Server 16.7.x, 16.8, and 16.8.1. The CVSS base score is 7.5 (HIGH) w...
CVE-2025-13671 Cross Site request forgery vulnerability discovered in OpenText WSM Management Server.
Cross-Site Request Forgery CSRF vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously. This...
CVE-2025-13671 Cross Site request forgery vulnerability discovered in OpenText WSM Management Server.
Cross-Site Request Forgery CSRF vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously. This...
CVE-2025-13671
OpenText Web Site Management Server contains a CSRF vulnerability (CVE-2025-13671) affecting versions 16.7.0 and 16.7.1. An active user with a session could be induced to perform unintended changes via a page containing malicious HTML, effectively exploiting CSRF. CVSS v4.0 vectors: Network attac...
CVE-2025-13672
The CVE-2025-13672 entry describes a Reflected XSS in OpenText Web Site Management Server, affecting versions 16.7.0 and 16.7.1 . The issue arises from improper neutralization of input during web page generation, allowing malicious JavaScript to be injected via URL parameters and rendered in the ...
CVE-2025-13672 Reflected Cross-Site Scripting discovered in OpenText WSM Management Server.
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the...
CVE-2025-13672 Reflected Cross-Site Scripting discovered in OpenText WSM Management Server.
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the...
CVE-2025-8054 Path Traversal vulnerability have been discovered in OpenText™ XM Fax.
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in OpenText™ XM Fax allows Path Traversal. The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. This issue affects XM Fax: 24.2...
CVE-2025-8054 Path Traversal vulnerability have been discovered in OpenText™ XM Fax.
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in OpenText™ XM Fax allows Path Traversal. The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. This issue affects XM Fax: 24.2...
CVE-2025-8054
OpenText XM Fax 24.2 is affected by CVE-2025-8054, a Path Traversal vulnerability caused by improper limitation of a pathname to a restricted directory. This could allow an attacker to arbitrarily disclose files on the local filesystem. The connected CVE records confirm the product (XM Fax), the ...