Cross-Site Scripting Vulnerability in OpenText ZENworks Service Desk

CVE-2026-3278

What is CVE-2026-3278?

A Cross-Site Scripting (XSS) vulnerability exists in OpenText ZENworks Service Desk that results from improper neutralization of user input during web page generation. This flaw allows attackers to inject malicious JavaScript, potentially executing unauthorized actions on behalf of legitimate users. Affected installations include ZENworks Service Desk versions 25.2 and 25.3, underscoring the critical need for timely updates to safeguard against misuse.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References