CVE-2025-13672 HIGH

CVE-2025-13672: Reflected Cross-Site Scripting discovered in OpenText WSM Management Server.

Vendor Opentext™
Product Web Site Management Server
Weakness CWE-79 · XSS
Published February 19, 2026
Last update February 24, 2026

CVSS base score

7.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/S:P/AU:N/R:U/V:D/RE:H/U:Red

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the page, so that malicious scripts could be executed on the client side. This issue affects Web Site Management Server: 16.7.0, 16.7.1.

Key dates

02Disclosure timeline

February 19, 2026 CVE published
February 24, 2026 Record updated

Related vulnerabilities

04Related CVE