CVE-2025-24853
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
31/07/2025
Last modified:
31/07/2025
Description
A carefully crafted request when creating a header link using the <br />
wiki markup syntax, which could allow the attacker to execute javascript<br />
in the victim&#39;s browser and get some sensitive information about the <br />
victim.<br />
<br />
<br />
<br />
Further research by the JSPWiki team showed that the markdown parser allowed this kind of attack too.<br />
<br />
Apache JSPWiki users should upgrade to 2.12.3 or later.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH