Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin

6.1 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

A carefully crafted request using the Image plugin could trigger an XSS
vulnerability on Apache JSPWiki, which could allow the attacker to
execute javascript in the victim's browser and get some sensitive
information about the victim.

Apache JSPWiki users should upgrade to 2.12.3 or later.

Basic Information

ID CVE-2025-24854

Source apache

Published Jul 31, 2025 at 08:43

Modified Jul 31, 2025 at 17:55

Affected Product

Vendor Apache Software Foundation

Product Apache JSPWiki

Affected Versions Apache Software Foundation Apache JSPWiki 0

CWE Classification

CWE-79

References

jspwiki-wiki.apache.org /Wiki.jsp

{
    "lastseen": "",
    "description": "A carefully crafted request using the Image plugin could trigger an XSS \nvulnerability on Apache JSPWiki, which could allow the attacker to \nexecute javascript in the victim's browser and get some sensitive \ninformation about the victim.\n\n\n\n\n\nApache JSPWiki users should upgrade to 2.12.3 or later.",
    "published": "2025-07-31T08:43:18.886Z",
    "modified": "2025-07-31T17:55:04.477Z",
    "type": "cve",
    "title": "Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin",
    "source": "apache",
    "references": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2025-24854",
    "id": "CVE-2025-24854",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache JSPWiki 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache JSPWiki",
    "version": "0",
    "vendor": "Apache Software Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin_CVE-2025-24854