CVE-2025-21572

OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output.

CVSS

No CVSS.

References

Link	Resource
https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:opengrok:1.13.25:*:*:*:*:*:*:*

History

17 Jun 2025, 14:16

Type	Values Removed	Values Added
First Time		Oracle Oracle opengrok
References	~~() https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html -~~	() https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html - Patch, Vendor Advisory
CPE		cpe:2.3:a:oracle:opengrok:1.13.25:::::::*

06 May 2025, 15:16

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.1~~	v2 : unknown v3 : unknown

02 May 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-02 22:15

Updated : 2025-06-17 14:16

NVD link : CVE-2025-21572

Mitre link : CVE-2025-21572

JSON object : View

Products Affected

oracle

opengrok

CWE

No CWE.

JSON object

Attach tags to CVE-2025-21572

Attach tags to `CVE-2025-21572`