Description

OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output.

PUBLISHED Reserved 2024-12-24 | Published 2025-05-02 | Updated 2025-05-06 | Assigner oracle




MEDIUM: 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output.

Product status

1.13.25 (affected)

References

www.oracle.com/...outside-other-oracle-public-documents.html (Oracle Advisory) vendor-advisory

cve.org (CVE-2025-21572)

nvd.nist.gov (CVE-2025-21572)
