PT-2025-18925 · Opengrok · Opengrok
Published: 2025-05-02 · Updated: 2025-05-03 · CVE-2025-21572
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OpenGrok version 1.13.25
Description
OpenGrok is affected by a reflected Cross-Site Scripting (XSS) issue that occurs when the application generates the history view page. Path segments are handled improperly, so unsanitized user input is reflected into the HTML output.
Recommendations
For OpenGrok version 1.13.25, consider restricting the handling of path segments to prevent the reflection of unsanitized user input into the HTML output as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
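One way to express the path-segment restriction described above, as an added example that is not OpenGrok code or a vendor patch: a check that a reverse proxy or request filter could apply before a request reaches the history view, next to the output encoding that removes the root cause. The function names, the `/source/history/` prefix, the rejected character set and the decode limit are assumptions made for illustration.

```python
import html
import re
from urllib.parse import unquote

# Characters that break out of HTML text or a quoted attribute, plus controls.
HTML_META = re.compile(r"[<>\"'`]|[\x00-\x1f\x7f]")
MAX_DECODE_ROUNDS = 3  # assumption: deeper percent-encoding is rejected


def fully_decode(raw_path):
    """Percent-decode repeatedly so nested encodings cannot hide characters."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(raw_path)
        if decoded == raw_path:
            return raw_path
        raw_path = decoded
    raise ValueError("path is percent-encoded too deeply")


def check_history_path(raw_path):
    """Return (allowed, reason) for a request path bound for the history view."""
    try:
        path = fully_decode(raw_path)
    except ValueError as exc:
        return False, str(exc)
    for segment in path.split("/"):
        found = HTML_META.search(segment)
        if found:
            return False, "segment %r contains %r" % (segment, found.group())
    return True, "ok"


def render_segment(segment):
    """Encode a path segment for HTML text or a quoted attribute value."""
    return html.escape(segment, quote=True)


# Constructed sample paths; the /source/history/ prefix and names are assumed.
SAMPLES = [
    "/source/history/proj/src/main.c",
    "/source/history/proj/%22%3E%3Cb%3Ex",
    "/source/history/proj/%2522%253E%253Cb%253Ex",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, check_history_path(sample))
    print(render_segment('"><b>x'))
```

The rejection list also blocks legitimate file names that contain quotes or angle brackets, which is the cost of using it as a temporary workaround; encoding at output time has no such side effect.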
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Opengrok