CVE-2025-24854

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
6.1MEDIUM
EPSS
0.2%
top 55.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache JspwikiApache Software Foundation Apache Jspwiki
Timeline
PublishedJul 31

Description

A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.3 or later.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

NVDapache/jspwiki< 2.12.3

🔴Vulnerability Details

3
GHSA
Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability in the Image Plugin2025-07-31
OSV
Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability in the Image Plugin2025-07-31
CVEList
Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin2025-07-31
CVE-2025-24854 (MEDIUM CVSS 6.1) | A carefully crafted request using t | cvebase.io