CVE-2025-13672

Reflected Cross-Site Scripting discovered in OpenText WSM Management Server.

CVSS 7 HIGHEPSS 0.2%CWE-79

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the page, so that malicious scripts could be executed on the client side. This issue affects Web Site Management Server: 16.7.0, 16.7.1.

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/S:P/AU:N/R:U/V:D/RE:H/U:Red

Affected products

OpenText™ · Web Site Management Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/MarioTesoro/vulnerability-research/blob/main/CVE-2025-13672/README.md https://support.opentext.com/csm/en?id=ot_kb_unauthenticated&sysparm_article=KB0854847