Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/S:N/AU:Y/R:U/V:D/RE:M/U:Amber
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/S:N/AU:Y/R:U/V:D/RE:M/U:Amber
Lifecycle Timeline
3DescriptionCVE.org
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks Service Desk allows Cross-Site Scripting (XSS). The vulnerability could allow an attacker to execute arbitrary JavaScript leading to unauthorized actions on behalf of the user.This issue affects ZENworks Service Desk: 25.2, 25.3.
AnalysisAI
OpenText ZENworks Service Desk contains an improper input neutralization vulnerability (CWE-79 Cross-Site Scripting) that allows attackers to inject and execute arbitrary JavaScript in the context of a user's browser session. Affected versions are 25.2 and 25.3. Successful exploitation enables unauthorized actions on behalf of the user, including session hijacking, credential theft, or lateral movement within the service desk application.
Technical ContextAI
The vulnerability resides in the web page generation logic of OpenText ZENworks Service Desk (CPE: cpe:2.3:a:opentext:zenworks_service_desk:*:*:*:*:*:*:*:*), a service management and IT help desk solution. The root cause is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), which occurs when user-supplied input is rendered in HTML or JavaScript context without proper encoding or sanitization. This allows attackers to inject malicious script tags or event handlers that execute in the victim's browser, bypassing the same-origin policy through reflected or stored XSS mechanisms depending on the vulnerable input vector within the application.
RemediationAI
Users should immediately upgrade OpenText ZENworks Service Desk to a patched version released after 25.3; specific patch versions should be confirmed via the vendor advisory at https://portal.microfocus.com/s/article/KM000045873?language=en_US. As an interim control, restrict network access to the ZENworks Service Desk application to trusted internal networks or VPN-authenticated users only. Implement a Web Application Firewall (WAF) with rules to detect and block common XSS payloads, enable Content Security Policy (CSP) headers to limit script execution, and enforce HTTPS with HSTS to prevent man-in-the-middle attacks. Monitor application logs for suspicious input patterns and consider disabling untrusted user input features if operationally feasible until patching is complete.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12825