Cross-Site Scripting Vulnerability in Mocca Calendar Application by XWiki
CVE-2025-52132

6.4 MEDIUM

Key Information:

Vendor
CVE Published: 3 August 2025

What is CVE-2025-52132?

The Mocca Calendar application for XWiki, in versions prior to 2.15, is susceptible to a cross-site scripting (XSS) attack. The vulnerability arises because user input in the event title is not properly sanitized before being rendered on the view event page. This allows malicious users to inject arbitrary script code, which executes in the browser of any user viewing the calendar page. Exploitation could lead to data theft, session hijacking, or other harmful actions against users interacting with the affected application.

Affected Version(s)

Mocca Calendar 0 < 2.15

CVSS V3.1

Score: 6.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
