exploitDog

CVE-2025-21572

Опубликовано: 02 мая 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output.

Ссылки

https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oracle:opengrok:1.13.25:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.0005

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-5vvw-768m-99hf

CVSS3: 6.1

github

9 месяцев назад

OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output.

EPSS

Процентиль: 15%

0.0005

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79