3 matches found
CVE-2025-13672
The CVE-2025-13672 entry describes a Reflected XSS in OpenText Web Site Management Server, affecting versions 16.7.0 and 16.7.1 . The issue arises from improper neutralization of input during web page generation, allowing malicious JavaScript to be injected via URL parameters and rendered in the ...
CVE-2025-13671
OpenText Web Site Management Server contains a CSRF vulnerability (CVE-2025-13671) affecting versions 16.7.0 and 16.7.1. An active user with a session could be induced to perform unintended changes via a page containing malicious HTML, effectively exploiting CSRF. CVSS v4.0 vectors: Network attac...
CVE-2025-9208
OpenText Web Site Management Server contains a stored XSS vulnerability (CVE-2025-9208) in the web page generation flow triggered by the download query parameter removal from a file URL. Affected versions are Web Site Management Server 16.7.x, 16.8, and 16.8.1. The CVSS base score is 7.5 (HIGH) w...