216.73.216.133

CVE-2026-3278

· Published 18/03/2026 14:16 · Modified 19/03/2026 14:57

Labels: CVE-2026-3278 2026-03-18CVE-2026-3278CWE-79[email protected]

Essential information

Published
18/03/2026 14:16
Modified
19/03/2026 14:57
Author
Creator
CVSS
7.4 HIGH (v3) 7.4 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks Service Desk allows Cross-Site Scripting (XSS). The vulnerability could allow an attacker to execute arbitrary JavaScript leading to unauthorized actions on behalf of the user.This issue affects ZENworks Service Desk: 25.2, 25.3.

NVD status

Status
Analyzed — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
opentext / zenworks service desk cpe:2.3:a:opentext:zenworks_service_desk:25.2:*:*:*:*:*:*:*
opentext / zenworks service desk cpe:2.3:a:opentext:zenworks_service_desk:25.3:*:*:*:*:*:*:*

References