CVE-2025-24854

CVE-2025-24854: Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin

Vendor: Apache Software Foundation
Product: Apache JSPWiki
Weakness: CWE-79 · XSS
Published: July 31, 2025
Last update: November 4, 2025

What the vulnerability does

Description

A carefully crafted request using the Image plugin could trigger an XSS vulnerability in Apache JSPWiki, which could allow the attacker to execute JavaScript in the victim's browser and obtain some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.3 or later.

Key dates

Disclosure timeline

July 31, 2025: CVE published
November 4, 2025: Record updated