Reflected Cross-Site Scripting Vulnerability in OpenGrok by Oracle
CVE-2025-30755

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Opengrok
Vendor: CVE Published:; 18 September 2025

What is CVE-2025-30755?

OpenGrok 1.14.1 contains a reflected Cross-Site Scripting (XSS) vulnerability that occurs when the application processes the revision parameter without proper sanitization. Unsanitized user input is reflected in the HTML output, potentially allowing attackers to inject malicious scripts. This issue emphasizes the need for stricter input validation and user input handling to prevent exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

OpenGrok 1.14.1

References

https://www.oracle.com/security-alerts/all-oracle-cves-ou...

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 18, 2025
Vulnerability Reserved
Mar 26, 2025

JSON

Oracle