Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
5.9

OpenText Web Site Management Server: Unwanted Changes from Malicious Links

CVE-2025-13671
Summary

A vulnerability in OpenText Web Site Management Server allows an attacker to trick a user into making unwanted changes to the site by clicking on a malicious link. This can happen when a user with an active session clicks on a specially crafted link. To protect your site, update to a patched version of the software.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
VendorProductAffected versionsFix available
opentext web_site_management_server 16.7.0
opentext web_site_management_server 16.7.1
Original title
Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the produc...
Original description
Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously.

This issue affects Web Site Management Server: 16.7.0, 16.7.1.
nvd CVSS3.1 6.5
nvd CVSS4.0 5.9
Vulnerability type
CWE-352 Cross-Site Request Forgery (CSRF)
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026