CVE-2025-11884 | THREATINT

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in opentext uCMDB allows Stored XSS. The vulnerability could allow an attacker has high level access to UCMDB to create or update data with malicious scripts This issue affects uCMDB: 24.4.

PUBLISHED Reserved 2025-10-16 | Published 2025-11-19 | Updated 2025-11-20 | Assigner OpenText

LOW: 2.3CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:C/RE:L/U:Green

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status

unaffected

24.4

affected

Credits

Mateusz "MaTTallica" Klement finder

References

portal.microfocus.com/s/article/KM000043674?language=en_US

cve.org (CVE-2025-11884)

nvd.nist.gov (CVE-2025-11884)

Download JSON