Thanks Juan and the Apache team! Look forward to working with you in the future :)
On Wed, Jul 30, 2025 at 2:54 PM Juan Pablo Santos Rodríguez <[email protected]> wrote:
> Severity: Medium
>
> Affected versions:
>
> - Apache JSPWiki before Apache JSPWiki up to 2.12.2
>
> Description:
>
> A carefully crafted request using the Image plugin could trigger an XSS
> vulnerability on Apache JSPWiki, which could allow the attacker to
> execute javascript in the victim's browser and get some sensitive
> information about the victim.
>
> Apache JSPWiki users should upgrade to 2.12.3 or later.
>
> Credit:
>
> The issue was separately discovered by both XBOW
> (https://github.com/xbow-security, https://xbow.com) and Hamed Kohi
> (finders)
>
> References:
>
> https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2025-24854
> https://www.cve.org/CVERecord?id=CVE-2025-24854
