Stored XSS in OpenText uCMDB 24.4 - High Level Access Exploit
CVE-2025-11884 Published on November 19, 2025

Cross-site Scripting vulnerability discovered in OpenText™ Universal Discovery and CMDB
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in opentext uCMDB allows Stored XSS. The vulnerability could allow an attacker has high level access to UCMDB to create or update data with malicious scripts This issue affects uCMDB: 24.4.

NVD

Weakness Type

What is a XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2025-11884 has been classified to as a XSS vulnerability or weakness.

Affected Versions

OpenText™ uCMDB Version 24.4 is affected by CVE-2025-11884

Exploit Probability

EPSS

0.04%

Percentile

12.78%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Stored XSS in OpenText uCMDB 24.4 - High Level Access ExploitCVE-2025-11884 Published on November 19, 2025

Weakness Type

What is a XSS Vulnerability?

Affected Versions

Exploit Probability

Stored XSS in OpenText uCMDB 24.4 - High Level Access Exploit
CVE-2025-11884 Published on November 19, 2025