CVE Daily

CVE-2025-24854

A carefully crafted request using the Image plugin could trigger an XSS vulnera...

Medium CVSS 6.1

Overview

A carefully crafted request using the Image plugin could trigger an XSS
vulnerability on Apache JSPWiki, which could allow the attacker to
execute javascript in the victim's browser and get some sensitive
information about the victim.

Apache JSPWiki users should upgrade to 2.12.3 or later.

CWE: CWE-79 Published: 2025-07-31T09:15:27.650
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.1 (MEDIUM)
  • Detected tags: apache, xss (tag impact: MODERATE)

Recommended actions:

  • Apply context-aware output encoding.
  • Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags