Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.0
OpenText Web Site Management Server allows Malicious Code to Run in Browsers
CVE-2025-13672
Summary
A security issue in OpenText's Web Site Management Server could allow attackers to inject malicious code into web pages, which could be executed by users' browsers. This could lead to unauthorized access to sensitive information or other security risks. Affected versions include 16.7.0 and 16.7.1; update to the latest version to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| opentext | web_site_management_server | 16.7.0 | – |
| opentext | web_site_management_server | 16.7.1 | – |
Original title
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow...
Original description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the page, so that malicious scripts could be executed on the client side.
This issue affects Web Site Management Server: 16.7.0, 16.7.1.
This issue affects Web Site Management Server: 16.7.0, 16.7.1.
nvd CVSS3.1
5.4
nvd CVSS4.0
7.0
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
- https://support.opentext.com/csm/en?id=ot_kb_unauthenticated&sysparm_article=KB0... Vendor Advisory
- https://github.com/MarioTesoro/vulnerability-research/blob/main/CVE-2025-13672/R... Exploit Third Party Advisory
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026