Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
OpenText Web Site Management Server allows hackers to inject malicious scripts
CVE-2025-9208
Summary
OpenText's Web Site Management Server has a security issue that lets hackers inject malicious code into websites, which could steal user information or take control of user sessions. If you use this software, update it to the latest version to protect your users. This issue affects versions 16.7, 16.8, and 16.8.1.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| opentext | web_site_management_server | <= 16.8.1 | – |
Original title
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute ...
Original description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data.
This issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1.
This issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1.
nvd CVSS3.1
5.4
nvd CVSS4.0
7.5
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026