MEDIUM🇵🇱 Wersja polska

CVE-2025-12453

CVSS 5.1v4.0pub. 2026-03-13upd. 2026-04-17

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS.  The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X, from 25.2.0 through 25.2.X, from 25.3.0 through 25.3.X.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:X/U:X
  • Opentext Vertica

    APP
    Opentext
    10.0.0-0 – 25.4.0-0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2017-5802CRITICAL9.8ten sam produkt

A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was fou...

CVE-2016-2002CRITICAL9.8ten sam produkt

The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1....

CVE-2015-6867HIGH7.5ten sam produkt

The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote at...

CVE-2025-12455MEDIUM5.1ten sam produkt

Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing.   The vulner...

CVE-2025-12454MEDIUM5.1ten sam produkt

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText...