Stored-XSS vulnerability discovered in OpenText WSM Management Server._CVE-2025-9208

7.5 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/S:P/AU:N/R:U/V:D/RE:H/U:Red

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data.

This issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1.

Basic Information

ID CVE-2025-9208

Source OpenText

Published Feb 19, 2026 at 22:37

Affected Product

Vendor OpenText™

Product Web Site Management Server

Version 16.7.x

Affected Versions OpenText™ Web Site Management Server 16.7.x
OpenText™ Web Site Management Server 16.8
OpenText™ Web Site Management Server 16.8.1

CWE Classification

CWE-79

References

support.opentext.com /csm/en

{
    "lastseen": "",
    "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText\u2122 Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data.\n\nThis issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1.",
    "published": "2026-02-19T22:37:19.208Z",
    "modified": "2026-02-19T22:37:19.208Z",
    "type": "cve",
    "title": "Stored-XSS vulnerability discovered in OpenText WSM Management Server.",
    "source": "OpenText",
    "references": "https://support.opentext.com/csm/en?id=ot_kb_unauthenticated&sysparm_article=KB0854844",
    "id": "CVE-2025-9208",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "OpenText\u2122 Web Site Management Server 16.7.x\nOpenText\u2122 Web Site Management Server 16.8\nOpenText\u2122 Web Site Management Server 16.8.1",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/S:P/AU:N/R:U/V:D/RE:H/U:Red",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Web Site Management Server",
    "version": "16.7.x",
    "vendor": "OpenText\u2122",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}