PT-2025-31493 · Apache · Apache JSPWiki

Xbow · Published 2025-07-31 · Updated 2025-08-05 · CVE-2025-24853

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Apache JSPWiki versions prior to 2.12.3

Description

A crafted request during header link creation using wiki markup syntax can allow an attacker to execute JavaScript in the victim’s browser, potentially obtaining sensitive information. Further research revealed that the markdown parser also permitted this type of attack.

Recommendations

Upgrade to version 2.12.3 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-24853
GHSA-RRFF-CHJ9-W4C7

Affected Products

Apache JSPWiki