CVE-2024-12863

MEDIUM

OpenText Content Management CE <25.1 - XSS

Title source: llm
STIX 2.1

Description

Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system.

References (1)

Core 1

Scores

CVSS v4 5.6
EPSS 0.0031
EPSS Percentile 23.4%
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
OpenText/OpenText Content Management 20.2-25.1
Published Apr 21, 2025
Tracked Since Feb 18, 2026