CVE Catalog

CVE-2026-11878

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

OpenText Access Manager versions 5.1 through 5.1.2 are vulnerable to Cross-Site Scripting (XSS) due to improper input neutralization during web page generation. This allows an attacker to inject malicious JavaScript into a victim's browser.

Risk Assessment

The risk includes session hijacking, data theft, or unauthorized actions performed in the context of the victim's session. This could compromise data confidentiality and integrity within the organization.

Recommendation

Immediately upgrade OpenText Access Manager to a version later than 5.1.2 that contains the fix. Until then, implement HTTP traffic filtering and apply Content Security Policy (CSP) rules.

Original NVD description (English source)

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText Access Manager allows Cross-Site Scripting (XSS). This issue affects Access Manager: from 5.1 through 5.1.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS