CVE-2025-24854

MEDIUM

Apache JSPWiki <2.12.3 - XSS

Title source: llm

Description

A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.3 or later.

References (2)

[Vendor Advisory] https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2025-24854

[Mailing List] http://www.openwall.com/lists/oss-security/2025/07/30/3

Scores

CVSS v3 6.1

EPSS 0.0020

EPSS Percentile 41.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (2)

apache/jspwiki < 2.12.3

org.apache.jspwiki/jspwiki-main < 2.12.3Maven

Timeline

Published Jul 31, 2025

Tracked Since Feb 18, 2026