Description
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS.
The vulnerability could lead to a reflected XSS attack in the Vertica management console application. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X, from 25.2.0 through 25.2.X, from 25.3.0 through 25.3.X.
Published: 2026-03-13
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Reflected Cross‑Site Scripting in web console
Action: Patch
AI Analysis

Impact

Improper neutralization of input during web page generation in the OpenText Vertica management console allows reflected cross‑site scripting. An attacker could inject malicious JavaScript that executes in the victim’s browser context, potentially leading to session hijacking, data theft, or unauthorized actions performed on behalf of the user. This vulnerability represents a typical reflected XSS weakness (CWE‑79).

Affected Systems

OpenText Vertica is affected from version 10.0 through 10.X, 11.0 through 11.X, 12.0 through 12.X, 23.0 through 23.X, 24.0 through 24.X, 25.1.0 through 25.1.X, 25.2.0 through 25.2.X, and 25.3.0 through 25.3.X.

Risk and Exploitability

The CVSS score of 5.1 indicates a moderately serious impact. An EPSS score of less than 1% shows a low likelihood of active exploitation, and the vulnerability is not listed in the CISA KEV catalog. Because the attack surface is a web interface, the likely vector is a victim clicking a crafted link or visiting a malicious site that triggers the reflected payload. Exploitation requires user interaction and does not need elevated privileges within the Vertica environment.

Generated by OpenCVE AI on March 19, 2026 at 15:06 UTC.

Remediation

Vendor Solution

https://portal.microfocus.com/s/article/KM000045852?language=en_US


OpenCVE Recommended Actions

  • Apply the vendor patch or upgrade to a fixed version using the link: https://portal.microfocus.com/s/article/KM000045852?language=en_US
  • Verify that the patch was successfully installed and the application is running a non‑affected version

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Opentext; Opentext vertica |
| Vendors & Products | | Opentext; Opentext vertica |

Fri, 13 Mar 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Fri, 13 Mar 2026 18:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X, from 25.2.0 through 25.2.X, from 25.3.0 through 25.3.X. |
| Title | | Improper neutralization of input during web page generation vulnerability has been discovered in OpenText™ Vertica. |
| Weaknesses | | CWE-79 |
| References | | |
| Metrics | | cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y/R:U'} |


MITRE

Status: PUBLISHED

Assigner: OpenText

Published:

Updated: 2026-03-13T19:34:21.690Z

Reserved: 2025-10-28T21:28:28.343Z

Link: CVE-2025-12453

Vulnrichment

Updated: 2026-03-13T19:34:17.548Z

NVD

Status: Awaiting Analysis

Published: 2026-03-13T19:53:47.427

Modified: 2026-03-16T14:54:11.293

Link: CVE-2025-12453

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T13:40:30Z

Weaknesses