XSS in Opentext™ Zenworks Service Desk

CVE-2026-3278

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks Service Desk allows Cross-Site Scripting (XSS). The vulnerability could allow an attacker to execute arbitrary JavaScr…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (12.6th percentile) — read the EPSS interpretation.

Affected products

Opentext™ Zenworks Service Desk — versions 25.2, 25.3

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

portal.microfocus.com/s/article/KM000045873