CVE-2025-24853

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
31/07/2025
Last modified:
31/07/2025

Description

A carefully crafted request when creating a header link using the <br /> wiki markup syntax, which could allow the attacker to execute javascript<br /> in the victim&amp;#39;s browser and get some sensitive information about the <br /> victim.<br /> <br /> <br /> <br /> Further research by the JSPWiki team showed that the markdown parser allowed this kind of attack too.<br /> <br /> Apache JSPWiki users should upgrade to 2.12.3 or later.

References to Advisories, Solutions, and Tools