{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-30755","assignerOrgId":"43595867-4340-4103-b7a2-9a5208d29a85","state":"PUBLISHED","assignerShortName":"oracle","dateReserved":"2025-03-26T05:52:18.814Z","datePublished":"2025-09-18T23:32:07.807Z","dateUpdated":"2025-09-19T13:10:31.350Z"},"containers":{"cna":{"affected":[{"product":"OpenGrok","vendor":"Oracle Corporation","versions":[{"status":"affected","version":"1.14.1"}]}],"descriptions":[{"lang":"en","value":"OpenGrok 1.14.1 has a reflected Cross-Site Scripting (XSS) issue when producing the cross reference page. This happens through improper handling of the revision parameter. The application reflects unsanitized user input into the HTML output."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"description":"OpenGrok 1.14.1 has a reflected Cross-Site Scripting (XSS) issue when producing the cross reference page. This happens through improper handling of the revision parameter. The application reflects unsanitized user input into the HTML output.","lang":"en","type":"text"}]}],"providerMetadata":{"orgId":"43595867-4340-4103-b7a2-9a5208d29a85","shortName":"oracle","dateUpdated":"2025-09-18T23:32:07.807Z"},"references":[{"name":"Oracle Advisory","tags":["vendor-advisory"],"url":"https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html"}]},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-19T13:09:56.023404Z","id":"CVE-2025-30755","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-19T13:10:31.350Z"}}]}}