{"id":77522,"date":"2026-02-20T02:07:19","date_gmt":"2026-02-19T22:37:19","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-9208-stored-xss-vulnerability-discovered-in-opentext-wsm-management-server\/"},"modified":"2026-02-20T02:07:19","modified_gmt":"2026-02-19T22:37:19","slug":"cve-2025-9208-stored-xss-vulnerability-discovered-in-opentext-wsm-management-server","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-9208-stored-xss-vulnerability-discovered-in-opentext-wsm-management-server\/","title":{"rendered":"CVE-2025-9208 &#8211; Stored-XSS vulnerability discovered in OpenText WSM Management Server."},"content":{"rendered":"<p>CVE ID : CVE-2025-9208<\/p>\n<p>Published :  Feb. 19, 2026, 10:37 p.m. | 23\u00a0minutes ago<\/p>\n<p>Description : Improper Neutralization of Input During Web Page Generation (XSS or &#8216;Cross-site Scripting&#8217;) vulnerability in OpenText\u2122 Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data.<\/p>\n<p>This issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1.<\/p>\n<p>Severity: 7.5 | HIGH<\/p>\n<p>Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-9208 Published : Feb. 19, 2026, 10:37 p.m. | 23\u00a0minutes ago Description : Improper Neutralization of Input During Web Page Generation (XSS or &#8216;Cross-site Scripting&#8217;) vulnerability in OpenText\u2122 Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-77522","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/77522","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=77522"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/77522\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=77522"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=77522"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=77522"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}