CVE-2025-9208 — MEDIUM (5.4)

Q: How severe is CVE-2025-9208?

CVE-2025-9208 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-9208?

Check the references section above for vendor advisories and patch information. Affected products include: Opentext Web Site Management Server.

Vulnerability Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data. This issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Opentext	Web Site Management Server	<= 16.8.1

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2025-9208?

CVE-2025-9208 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute mal...

How severe is CVE-2025-9208?

CVE-2025-9208 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-9208?

Check the references section above for vendor advisories and patch information. Affected products include: Opentext Web Site Management Server.