CVE-2025-13672
Reflected XSS in OpenText Web Site Management Server 16.7.x
Publication date: 2026-02-19
Last updated on: 2026-02-27
Assigner: OpenText
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opentext | web_site_management_server | 16.7.0 |
| opentext | web_site_management_server | 16.7.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a type of Cross-site Scripting (XSS) called Reflected XSS found in OpenText™ Web Site Management Server versions 16.7.0 and 16.7.1.
It occurs because the application improperly neutralizes input during web page generation, allowing malicious JavaScript code to be injected inside URL parameters.
When the page preview renders these parameters, the malicious scripts can execute on the client side.
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute malicious scripts in the context of a user's browser session.
Such execution can lead to theft of sensitive information, session hijacking, or performing actions on behalf of the user without their consent.
Because the vulnerability involves reflected XSS, it requires the user to click on a crafted URL containing the malicious script.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know