9 matches found
CVE-2025-24853
A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki team showed that the markdown parser allowed this...
org.apache.jspwiki.it:jspwiki-selenide-tests (>=2.11.0 <=2.12.2), org.apache.jspwiki:jspwiki-210-adapters (>=2.11.0 <=2.12.2) +5 more potentially affected by CVE-2025-24853 via org.apache.jspwiki:jspwiki-main (>=2.11.0 <=2.12.2)
org.apache.jspwiki:jspwiki-main MAVEN version =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.12.2 Source cves: CVE-2025-24853 Source advisory: OSV:GHSA-RRFF-CHJ9-W4C7...
CVE-2025-24853
A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki team showed that the markdown parser allowed this...
CVE-2025-24853
A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki team showed that the markdown parser allowed this...
CVE-2025-24853
CVE-2025-24853 affects Apache JSPWiki. The issue is a Cross-Site Scripting (XSS) vulnerability in header link processing, caused by unsafely handling header links created via wiki markup (and, per later research, the markdown parser). When exploited, an attacker could cause JavaScript execution i...
CVE-2025-24853 Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Header Link processing
A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki team showed that the markdown parser allowed this...
CVE-2025-24853 Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Header Link processing
A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki team showed that the markdown parser allowed this...
CVE-2025-24853 Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Header Link processing
A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki team showed that the markdown parser allowed this...
CVE-2025-24853
creationtimestamp| type| source ---|---|--- 2025-07-30 16:52:21+00:00| seen| https://seclists.org/oss-sec/2025/q3/66 2025-07-30 19:17:32+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lv7dkab3e72u 2025-07-31 10:56:17+00:00| seen|...