PT-2026-20944 · Opentext · Opentext Web Site Management Server

Mario Tesoro

Published: 2026-02-19

Updated: 2026-02-27

CVE-2025-13672

CVSS v4.0: 7.0 (High)

Vector: AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/S:P/AU:N/R:U/V:D/RE:H/U:Red

Name of the Vulnerable Software and Affected Versions

OpenText Web Site Management Server versions 16.7.0 through 16.7.1

Description

The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to Reflected Cross-site Scripting (XSS). Malicious JavaScript code can be injected through URL parameters. When a page preview is generated and rendered, the injected script can execute on the client side.

Recommendations

Update OpenText Web Site Management Server to a version later than 16.7.1.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2025-13672

Affected Products

Opentext Web Site Management Server