Cross-Site Scripting Vulnerability in Mocca Calendar for XWiki
CVE-2025-52131

6.4MEDIUM

Key Information:

Vendor: Xwiki-contrib
Status: Mocca Calendar
Vendor: CVE Published:; 3 August 2025

🔔 Create Xwiki-contrib Vulnerability Alert

What is CVE-2025-52131?

The Mocca Calendar application for XWiki is vulnerable to a cross-site scripting (XSS) attack due to improper validation of user input in the background and text color fields. This vulnerability may allow an attacker to inject malicious scripts into the application, potentially compromising user data and session integrity. It's essential for users to upgrade to version 2.15 or later to mitigate this risk.

Affected Version(s)

Mocca Calendar 0 < 2.15

References

https://github.com/xwikisas/application-mocca-calendar/se...

https://github.com/xwikisas/application-mocca-calendar

https://extensions.xwiki.org/xwiki/bin/view/Extension/Moc...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 3, 2025
Vulnerability Reserved
Jun 16, 2025