CVE-2025-13671

MEDIUM5.9

Cross Site request forgery vulnerability discovered in OpenText WSM Management Server.

Published Feb 19, 2026

Modified 1 weeks ago

Details

Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously.

This issue affects Web Site Management Server: 16.7.0, 16.7.1.

References

WEB

https://github.com/MarioTesoro/vulnerability-research/blob/main/CVE-2025-13671/README.md

WEB

https://support.opentext.com/csm/en?id=ot_kb_unauthenticated&sysparm_article=KB0854846

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2025-13671

CVSS Analysis

CVSS v4.0

5.9

Exploitability