CVE-2025-30755 | THREATINT

Description

OpenGrok 1.14.1 has a reflected Cross-Site Scripting (XSS) issue when producing the cross reference page. This happens through improper handling of the revision parameter. The application reflects unsanitized user input into the HTML output.

PUBLISHED Reserved 2025-03-26 | Published 2025-09-18 | Updated 2025-09-19 | Assigner oracle

MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

OpenGrok 1.14.1 has a reflected Cross-Site Scripting (XSS) issue when producing the cross reference page. This happens through improper handling of the revision parameter. The application reflects unsanitized user input into the HTML output.

Product status

1.14.1

affected

References

www.oracle.com/...outside-other-oracle-public-documents.html (Oracle Advisory) vendor-advisory

cve.org (CVE-2025-30755)

nvd.nist.gov (CVE-2025-30755)

Download JSON

help @ threatint.eu