CVE-2025-13671

MEDIUM

OpenText Web Site Management Server 16.7.0-16.7.1 - CSRF

Title source: llm

Description

Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously. This issue affects Web Site Management Server: 16.7.0, 16.7.1.

Exploits (1)

github WORKING POC

by MarioTesoro · poc

https://github.com/MarioTesoro/vulnerability-research/tree/main/CVE-2025-13671

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/MarioTesoro/vulnerability-research/blob/main/CVE-2025-13671/README.md

View Exploit ZIP pw:eip

[Various Sources] https://support.opentext.com/csm/en?id=ot_kb_unauthenticated&sysparm_article=KB0854846

Scores

CVSS v3 6.5

EPSS 0.0001

EPSS Percentile 3.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-352

Status published

Affected Products (2)

opentext/web_site_management_server

opentext/web_site_management_server

Timeline

Published Feb 19, 2026

Tracked Since Feb 20, 2026