cvedb.io
CVE-2025-9208
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2026-02-19T23:16:15.663 · Last modified 2026-06-17T10:08:32.040

Summary

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data. This issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1.

Affected products

opentext — web_site_management_server

Does this affect you?

Add your gear to cvedb and we'll alert you only when opentext ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.