Stored XSS in OpenText Content Management on Windows and Linux
CVE-2024-12863

5.6 MEDIUM

Key Information:

Vendor: OpenText
CVE Published: 21 April 2025

Summary

A stored XSS vulnerability exists in OpenText Content Management CE, impacting versions 20.2 through 25.1 on both Windows and Linux platforms. This flaw allows authenticated attackers to inject malicious scripts into the system, potentially compromising user data or performing unauthorized actions. The vulnerability may lead to further exploits, emphasizing the need for prompt remediation.

Affected Version(s)

OpenText Content Management Windows 20.2-25.1

CVSS V4

Score: 5.6
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hussein Bahmad (NTT Data)