CVE-2025-9208

Summary

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data.

This issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1.

Affected Software

VendorProductVersion RangeStatus
OpenText™Web Site Management Server16.7.xaffected
OpenText™Web Site Management Server16.8affected
OpenText™Web Site Management Server16.8.1affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References