Cross-site Scripting vulnerability discovered in OpenText™ Universal Discovery and CMDB

2.3 / 10

LOW

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:C/RE:L/U:Green

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in opentext uCMDB allows Stored XSS. The vulnerability could allow an attacker has high level access to UCMDB to create or update data with malicious scripts

This issue affects uCMDB: 24.4.

Basic Information

ID CVE-2025-11884

Source OpenText

Published Nov 19, 2025 at 21:13

Affected Product

Vendor OpenText™

Product uCMDB

Version 24.4

Affected Versions OpenText™ uCMDB 24.4

CWE Classification

CWE-79

References

portal.microfocus.com /s/article/KM000043674

{
    "lastseen": "",
    "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in opentext uCMDB allows Stored XSS. The vulnerability could allow\u00a0an\u00a0attacker has high level access to UCMDB to create or update data with malicious scripts\n\nThis issue affects uCMDB: 24.4.",
    "published": "2025-11-19T21:13:48.572Z",
    "modified": "2025-11-19T21:13:48.572Z",
    "type": "cve",
    "title": "Cross-site Scripting vulnerability discovered in OpenText\u2122 Universal Discovery and CMDB",
    "source": "OpenText",
    "references": "https://portal.microfocus.com/s/article/KM000043674?language=en_US",
    "id": "CVE-2025-11884",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "OpenText\u2122 uCMDB 24.4",
    "sourceHref": "",
    "cvss": {
        "score": 2.3,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:C/RE:L/U:Green",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "uCMDB",
    "version": "24.4",
    "vendor": "OpenText\u2122",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cross-site Scripting vulnerability discovered in OpenText™ Universal Discovery and CMDB_CVE-2025-11884