{"id":"CVE-2025-30755","details":"OpenGrok 1.14.1 has a reflected Cross-Site Scripting (XSS) issue when producing the cross reference page. This happens through improper handling of the revision parameter. The application reflects unsanitized user input into the HTML output.","modified":"2026-04-10T05:24:54.299159Z","published":"2025-09-19T00:15:34.460Z","references":[{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/oracle/opengrok","events":[{"introduced":"0"},{"last_affected":"0010bd7fd0bbdce260f4e517d9817fdcb232c9a4"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.14.1"}]}}],"versions":["0.12","0.12-rc1","0.12-rc2","0.12-rc3","0.12-rc4","0.12-rc5","0.12-rc6","0.12-rc7","0.12.1","0.13-rc1","0.13-rc10","0.13-rc7","0.13-rc8","0.13-rc9","0.13.rc3","0.13.rc4","0.13.rc6","1.0","1.1","1.1-rc1","1.1-rc10","1.1-rc11","1.1-rc12","1.1-rc13","1.1-rc14","1.1-rc15","1.1-rc16","1.1-rc17","1.1-rc18","1.1-rc19","1.1-rc2","1.1-rc20","1.1-rc21","1.1-rc22","1.1-rc23","1.1-rc24","1.1-rc25","1.1-rc26","1.1-rc27","1.1-rc28","1.1-rc29","1.1-rc3","1.1-rc30","1.1-rc31","1.1-rc32","1.1-rc33","1.1-rc34","1.1-rc35","1.1-rc36","1.1-rc37","1.1-rc38","1.1-rc39","1.1-rc4","1.1-rc40","1.1-rc41","1.1-rc42","1.1-rc43","1.1-rc44","1.1-rc45","1.1-rc46","1.1-rc47","1.1-rc48","1.1-rc49","1.1-rc5","1.1-rc50","1.1-rc51","1.1-rc52","1.1-rc53","1.1-rc54","1.1-rc55","1.1-rc56","1.1-rc57","1.1-rc58","1.1-rc59","1.1-rc6","1.1-rc60","1.1-rc61","1.1-rc62","1.1-rc63","1.1-rc64","1.1-rc65","1.1-rc66","1.1-rc67","1.1-rc68","1.1-rc69","1.1-rc7","1.1-rc70","1.1-rc71","1.1-rc72","1.1-rc73","1.1-rc74","1.1-rc75","1.1-rc76","1.1-rc77","1.1-rc78","1.1-rc79","1.1-rc8","1.1-rc80","1.1-rc81","1.1-rc82","1.1-rc9","1.1.0","1.1.1","1.1.2","1.10.0","1.11.0","1.11.1","1.11.2","1.11.3","1.11.4","1.11.5","1.11.6","1.11.7","1.12.0","1.12.1","1.12.10","1.12.11","1.12.12","1.12.13","1.12.14","1.12.15","1.12.16","1.12.17","1.12.18","1.12.19","1.12.2","1.12.20","1.12.21","1.12.22","1.12.23","1.12.24","1.12.25","1.12.26","1.12.27","1.12.28","1.12.3","1.12.4","1.12.5","1.12.6","1.12.7","1.12.8","1.12.9","1.13.0","1.13.1","1.13.10","1.13.11","1.13.12","1.13.13","1.13.14","1.13.15","1.13.16","1.13.17","1.13.18","1.13.19","1.13.2","1.13.20","1.13.21","1.13.22","1.13.23","1.13.24","1.13.25","1.13.26","1.13.27","1.13.28","1.13.29","1.13.3","1.13.30","1.13.31","1.13.32","1.13.4","1.13.5","1.13.6","1.13.7","1.13.8","1.13.9","1.14.0","1.14.1","1.2.0","1.2.1","1.2.10","1.2.11","1.2.12","1.2.13","1.2.14","1.2.15","1.2.16","1.2.17","1.2.18","1.2.19","1.2.2","1.2.20","1.2.21","1.2.22","1.2.23","1.2.24","1.2.25","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.2.9","1.3.0","1.3.1","1.3.10","1.3.11","1.3.12","1.3.13","1.3.14","1.3.15","1.3.16","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.4.8","1.4.9","1.5.0","1.5.1","1.5.10","1.5.11","1.5.12","1.5.2","1.5.3","1.5.4","1.5.5","1.5.6","1.5.7","1.5.8","1.5.9","1.6.0","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.7.0","1.7.1","1.7.10","1.7.11","1.7.12","1.7.13","1.7.14","1.7.15","1.7.16","1.7.17","1.7.18","1.7.19","1.7.2","1.7.20","1.7.21","1.7.22","1.7.23","1.7.24","1.7.25","1.7.26","1.7.27","1.7.28","1.7.29","1.7.3","1.7.30","1.7.31","1.7.32","1.7.33","1.7.34","1.7.35","1.7.36","1.7.37","1.7.38","1.7.39","1.7.4","1.7.40","1.7.41","1.7.42","1.7.5","1.7.6","1.7.7","1.7.8","1.7.9","1.8.0","1.8.1","1.8.2","1.8.3","1.8.4","1.9.0","1.9.1","1.9.2","1.9.3","1.9.4","1.9.5","1.9.6","untagged-2d067cc3eab919a1b8d1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30755.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}