
CVE-2025-52132: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in xwiki-contrib Mocca Calendar

Severity: Medium
Tags: Vulnerability, CVE-2025-52132, CWE-79
Published: Sun Aug 03 2025 (08/03/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: xwiki-contrib
Product: Mocca Calendar

Description

The Mocca Calendar application before 2.15 for XWiki allows XSS via a title to the view event page.

AI-Powered Analysis

AI analysis last updated: 08/03/2025, 04:03:05 UTC

Technical Analysis

CVE-2025-52132 is a medium-severity cross-site scripting (XSS) vulnerability affecting the Mocca Calendar application, a component of the xwiki-contrib project. This vulnerability exists in versions prior to 2.15 of Mocca Calendar. The flaw arises from improper neutralization of input during web page generation, specifically through the 'title' parameter on the view event page. An attacker with at least low privileges (PR:L) can inject script into the title field, and that script then executes in the browsers of other users who view the event page. The vulnerability has a CVSS 3.1 base score of 6.4 with the vector AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N: network attack vector, low attack complexity, low privileges required, no user interaction, and a scope change. The impact affects confidentiality and integrity but not availability. There are no known exploits in the wild as of the publication date (August 3, 2025), and no official patches have been linked yet. The vulnerability is classified under CWE-79, which covers improper neutralization of input leading to XSS attacks. Since the vulnerability allows script execution in users' browsers, it can lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim user within the XWiki environment.

Potential Impact

For European organizations using XWiki with the Mocca Calendar extension, this vulnerability poses a moderate risk. XWiki is widely used in enterprise collaboration and knowledge management, including in government, education, and private sectors across Europe. Exploitation could allow attackers to compromise user sessions, steal sensitive information, or manipulate calendar event data, potentially disrupting internal communications and workflows. The scope change in the CVSS vector reflects that script injected through the vulnerable calendar component executes in the browsers of other users, so the impact extends beyond the account that supplied the title and can reach other components or user privileges. This is particularly concerning for organizations with sensitive or regulated data, such as financial institutions, healthcare providers, and public sector entities. Because no user interaction is required, automated or targeted attacks are easier to carry out. However, the requirement for at least low privileges limits exploitation to authenticated users, reducing the risk from external unauthenticated attackers but increasing risk from insider threats or compromised accounts.

Mitigation Recommendations

Organizations should immediately review their use of the Mocca Calendar extension and upgrade to version 2.15 or later once available. In the absence of an official patch, administrators should consider disabling the calendar feature or restricting access to trusted users only. Implementing strict input validation and output encoding on the title field can mitigate the risk of XSS. Web Application Firewalls (WAFs) with rules targeting XSS payloads may provide temporary protection. Additionally, enforcing strong authentication and monitoring user activities can help detect and prevent exploitation attempts. Security teams should educate users about the risks of XSS and encourage cautious behavior when interacting with calendar event titles. Regular security assessments and penetration testing focusing on XWiki deployments are recommended to identify and remediate similar vulnerabilities.


Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2025-06-16T00:00:00.000Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 688edbdcad5a09ad00d7fe39

Added to database: 8/3/2025, 3:47:40 AM

Last enriched: 8/3/2025, 4:03:05 AM

Last updated: 8/3/2025, 12:40:21 PM
