CVE-2025-9208 HIGH

CVE-2025-9208: Stored-XSS vulnerability discovered in OpenText WSM Management Server.

Vendor Opentext™

Product Web Site Management Server

Weakness CWE-79 · XSS

Published February 19, 2026

Last update February 24, 2026

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/S:P/AU:N/R:U/V:D/RE:H/U:Red

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data. This issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1.

Key dates

02Disclosure timeline

February 19, 2026 CVE published

February 24, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9208

Related vulnerabilities

Identifiers

CVE CVE-2025-9208

CWE CWE-79

CVSS 7.5 / HIGH

Affected versions

Vendor Opentext™

Product Web Site Management Server

Affected 16.7.x

Vendor Opentext™

Product Web Site Management Server

Affected 16.8

Vendor Opentext™

Product Web Site Management Server

Affected 16.8.1

CVE-2025-9208: Stored-XSS vulnerability discovered in OpenText WSM Management Server.

01Description

02Disclosure timeline

03References

04Related CVE