CVE-2024-12863 MEDIUM

CVE-2024-12863: Stored XSS in Discussions functionality

Vendor Opentext
Product OpenText Content Management
Weakness CWE-79 · XSS
Published April 21, 2025
Last update April 21, 2025

CVSS base score

5.6/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system.

Key dates

02Disclosure timeline

April 21, 2025 CVE published
April 21, 2025 Record updated