Reflected Cross-Site Scripting Vulnerability in OpenGrok by Oracle
CVE-2025-30755

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Opengrok
Vendor: CVE Published:; 18 September 2025

What is CVE-2025-30755?

OpenGrok 1.14.1 contains a reflected Cross-Site Scripting (XSS) vulnerability that occurs when the application processes the revision parameter without proper sanitization. Unsanitized user input is reflected in the HTML output, potentially allowing attackers to inject malicious scripts. This issue emphasizes the need for stricter input validation and user input handling to prevent exploitation.

Affected Version(s)

OpenGrok 1.14.1

References

https://www.oracle.com/security-alerts/all-oracle-cves-ou...

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2025
Vulnerability Reserved
Mar 26, 2025