Low severityNVD Advisory· Published Nov 19, 2025· Updated Apr 15, 2026

CVE-2025-11884

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in opentext uCMDB allows Stored XSS. The vulnerability could allow an attacker has high level access to UCMDB to create or update data with malicious scripts

This issue affects uCMDB: 24.4.

Affected products

Ucmdb/Ucmdbinferred2 versions
= 24.4+ 1 more
- (no CPE)range: = 24.4
- (no CPE)range: =24.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.microfocus.com/s/article/KM000043674nvd

News mentions

No linked articles in our index yet.

cvss	0.065
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000