CVE-2025-13671
CSRF Vulnerability in OpenText Web Site Management Server
Publication date: 2026-02-19
Last updated on: 2026-02-27
Assigner: OpenText
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opentext | web_site_management_server | 16.7.0 |
| opentext | web_site_management_server | 16.7.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in OpenText™ Web Site Management Server versions 16.7.0 and 16.7.1. It allows an attacker to trick a user who has an active session in the product into clicking on a malicious page. This page contains harmful HTML that causes the user to unknowingly perform unauthorized changes within the application.
How can this vulnerability impact me?
The impact of this vulnerability is that an attacker can cause a user with an active session to perform unintended actions within the Web Site Management Server. This could lead to unauthorized changes being made without the user's knowledge or consent, potentially compromising the integrity of the managed website or system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know