CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-13672

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the page, so that malicious scripts could be executed on the client side. This issue affects Web Site Management Server: 16.7.0, 16.7.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.2%

CVSS Severity

CVSS v3 Score 5.4

References

https://support.opentext.com/csm/en?id=ot_kb_unauthenticated&sysparm_article=KB0854847
https://github.com/MarioTesoro/vulnerability-research/blob/main/CVE-2025-13672/README.md

Products affected by CVE-2025-13672

Opentext » Web Site Management Server » Version: 16.7.0

cpe:2.3:a:opentext:web_site_management_server:16.7.0
Opentext » Web Site Management Server » Version: 16.7.1

cpe:2.3:a:opentext:web_site_management_server:16.7.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-13672

Products

Pricing

Contact Us