CVE-2025-21572
MEDIUM
OpenGrok 1.13.25 - Reflected Cross-Site Scripting via History View Path Segments
Title source: llm
Description
OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output.
References (1)
Core 1
Core References
Patch, Vendor Advisory vendor-advisory
https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html
Scores
CVSS v3
6.1
EPSS
0.0020
EPSS Percentile
41.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
oracle/opengrok
1.13.25
Published
May 02, 2025
Tracked Since
Feb 18, 2026