HIGH🇵🇱 Wersja polska

CVE-2026-3278

CVSS 7.4v4.0pub. 2026-03-18upd. 2026-03-19

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks Service Desk allows Cross-Site Scripting (XSS). The vulnerability could allow an attacker to execute arbitrary JavaScript leading to unauthorized actions on behalf of the user.This issue affects ZENworks Service Desk: 25.2, 25.3.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:M/U:Amber
  • Opentext Zenworks Service Desk

    APP
    Opentext
    25.225.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2022-35898CRITICAL9.8ten sam vendor

OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. T...

CVE-2017-5802CRITICAL9.8ten sam vendor

A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was fou...

CVE-2017-14759CRITICAL9.8ten sam vendor

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versio...

CVE-2017-5586CRITICAL9.8ten sam vendor

OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands ...

CVE-2016-2002CRITICAL9.8ten sam vendor

The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1....