PT-2026-20947 · Opentext · Opentext Web Site Management Server

Murat Altindis

·

Publicado

2026-02-19

·

Atualizado

2026-02-27

·

CVE-2025-9208

CVSS v4.0

7.5

Alta

VetorAV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/S:P/AU:N/R:U/V:D/RE:H/U:Red
Name of the Vulnerable Software and Affected Versions OpenText Web Site Management Server versions 16.7.X, 16.8, and 16.8.1
Description A flaw exists in OpenText Web Site Management Server that allows for Stored Cross-site Scripting (XSS). The issue occurs when the download query parameter is removed from a file URL, potentially enabling attackers to execute malicious scripts on the client side. Successful exploitation could lead to compromised user sessions and data. The API endpoint involved is a file URL where the download parameter is processed. The vulnerable parameter is download.
Recommendations Versions 16.7.X should be updated. Versions 16.8 should be updated. Versions 16.8.1 should be updated.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2025-9208

Produtos afetados

Opentext Web Site Management Server