PT-2025-31494 · Apache JSPWiki +1 · Image Plugin +1

Both Xbow · Published 2025-07-31 · Updated 2025-07-31 · CVE-2025-24854

CVSS v4.0: 6.9
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions:

Apache JSPWiki versions prior to 2.12.3

Description:

A carefully crafted request using the Image plugin could trigger a cross-site scripting (XSS) issue on Apache JSPWiki. This could allow an attacker to execute JavaScript in the victim's browser and potentially obtain sensitive information.

Recommendations:

Upgrade to version 2.12.3 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-24854
GHSA-72WW-4RCW-MC62

Affected Products

Apache JSPWiki
Image Plugin