CVE-2025-24854

MEDIUM

Apache JSPWiki < 2.12.3 - Cross-Site Scripting via Image Plugin

Title source: llm

Description

A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.3 or later.

References (2)

Core 2

Core References

Mailing List

http://www.openwall.com/lists/oss-security/2025/07/30/3

Vendor Advisory vendor-advisory

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2025-24854

Scores

CVSS v3 6.1

EPSS 0.0032

EPSS Percentile 55.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

apache/jspwiki < 2.12.3

org.apache.jspwiki/jspwiki-main 0 - 2.12.3Maven

Published Jul 31, 2025

Tracked Since Feb 18, 2026