Cross-Site Scripting Vulnerability in OpenText Web Site Management Server
CVE-2025-13672

7HIGH

Key Information:

Vendor: Opentext™
Status: Web Site Management Server
Vendor: CVE Published:; 19 February 2026

What is CVE-2025-13672?

A Cross-Site Scripting (XSS) vulnerability has been identified in OpenText™ Web Site Management Server, which allows attackers to inject malicious JavaScript through URL parameters. This threat emerges when the server fails to properly neutralize inputs during the generation of web pages. As a result, when users preview a page, these scripts can be executed on the client side, potentially compromising user data and security. This vulnerability specifically impacts versions 16.7.0 and 16.7.1, making it crucial for users to apply necessary security updates.

Affected Version(s)

Web Site Management Server 16.7.0

Web Site Management Server 16.7.1

References

https://support.opentext.com/csm/en?id=ot_kb_unauthentica...

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2026
Vulnerability Reserved
Nov 25, 2025

Credit

Mario Tesoro

CVE-2025-13672 Data

JSON