CVE-2025-24854

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-24854

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24854.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-24854

Aliases

GHSA-72ww-4rcw-mc62

Published

2025-07-31T09:15:27.650Z

Modified

2026-04-10T05:23:06.255991Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Apache JSPWiki users should upgrade to 2.12.3 or later.

References

Affected packages

Git / github.com/apache/jspwiki

Affected ranges

Type

GIT

Repo

https://github.com/apache/jspwiki

Events

Introduced

Fixed

e04dda38bc9eb06265f368acea3ae04d62834b93

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.12.3"
        }
    ]
}

Affected versions

2.*

2.10.3

2.10.3-RC1

2.10.3-RC2

2.10.4

2.10.4-RC1

2.10.4-RC2

2.10.4-RC3

2.10.5

2.10.5-RC1

2.10.5-RC2

2.11.0

2.11.0-RC1

2.11.0-RC2

2.11.0.M1

2.11.0.M1-RC1

2.11.0.M1-RC2

2.11.0.M1.RC3

2.11.0.M2

2.11.0.M2-RC1

2.11.0.M3

2.11.0.M3-RC1

2.11.0.M3-RC2

2.11.0.M4

2.11.0.M4-RC1

2.11.0.M4-RC2

2.11.0.M5

2.11.0.M5-RC1

2.11.0.M5-RC2

2.11.0.M5-RC3

2.11.0.M6

2.11.0.M6-RC1

2.11.0.M7

2.11.0.M7-RC1

2.11.0.M8

2.11.0.M8-RC1

2.11.1

2.11.1-RC1

2.11.2

2.11.2-RC1

2.11.3

2.11.3-RC1

2.12.0

2.12.0-RC1

2.12.0-RC2

2.12.1

2.12.1-RC1

2.12.2

2.12.2-RC1

2.12.3-RC1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24854.json"