Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Web Site Management Server

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2025-9208
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.44%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 22:37
Updated-23 Feb, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored-XSS vulnerability discovered in OpenText WSM Management Server.

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data. This issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1.

Action-Not Available
Vendor-Open Text Corporation
Product-Web Site Management Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-13671
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Assigner-OpenText (formerly Micro Focus)
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 4.66%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 22:36
Updated-23 Feb, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross Site request forgery vulnerability discovered in OpenText WSM Management Server.

Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously. This issue affects Web Site Management Server: 16.7.0, 16.7.1.

Action-Not Available
Vendor-Open Text Corporation
Product-Web Site Management Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-13672
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7||HIGH
EPSS-0.05% / 14.44%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 22:36
Updated-23 Feb, 2026 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected Cross-Site Scripting discovered in OpenText WSM Management Server.

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the page, so that malicious scripts could be executed on the client side. This issue affects Web Site Management Server: 16.7.0, 16.7.1.

Action-Not Available
Vendor-Open Text Corporation
Product-Web Site Management Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')