CVE-2025-12453

MEDIUM

OpenText Vertica 10.0-25.3.X - Reflected XSS

Title source: llm

Description

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X, from 25.2.0 through 25.2.X, from 25.3.0 through 25.3.X.

References (1)

Core 1

Core References

Various Sources

https://portal.microfocus.com/s/article/KM000045852?language=en_US

Scores

CVSS v3 6.1

EPSS 0.0018

EPSS Percentile 7.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (9)

opentext/vertica 10.0.0-0 - 25.4.0-0

OpenText™/Vertica 10.0 - 10.x

OpenText™/Vertica 11.0 - 11.x

OpenText™/Vertica 12.0 - 12.x

OpenText™/Vertica 23.0 - 23.x

OpenText™/Vertica 24.0 - 24.x

OpenText™/Vertica 25.1.0 - 25.1.x

OpenText™/Vertica 25.2.0 - 25.2.x

OpenText™/Vertica 25.3.0 - 25.3.x

Published Mar 13, 2026

Tracked Since Mar 14, 2026