
CVE-2025-52133: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in xwiki-contrib Mocca Calendar

Severity: Medium
Tags: Vulnerability, CVE-2025-52133, CWE-79
Published: Sun Aug 03 2025 (08/03/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: xwiki-contrib
Product: Mocca Calendar

Description

The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import.

AI-Powered Analysis

Last updated: 08/03/2025, 04:02:53 UTC

Technical Analysis

CVE-2025-52133 is a medium-severity cross-site scripting (XSS) vulnerability in the Mocca Calendar application, an extension maintained under the xwiki-contrib project. It affects Mocca Calendar versions before 2.15 and arises from improper neutralization of input during web page generation, specifically when imported calendar data is rendered. An attacker can exploit the flaw by placing script content in the title field of a calendar import; because the application does not sanitize or encode this value before output, the script runs in the browser of any user who views the calendar. The CVSS 3.1 base score is 6.4: the vulnerability is exploitable remotely over the network (AV:N) with low attack complexity (AC:L), requires low privileges (PR:L) and no user interaction (UI:N), and has a changed scope (S:C), meaning it affects resources beyond the vulnerable component itself. The confidentiality and integrity impacts are both low, and availability is not affected. No exploits in the wild are currently reported. The weakness is classified as CWE-79, the common web application issue of failing to validate input and encode output, which leads to XSS. A successful attack could execute arbitrary JavaScript in users' browsers, potentially enabling session hijacking, defacement, or redirection to malicious sites.

Potential Impact

For European organizations using XWiki with the Mocca Calendar extension, this vulnerability poses a risk of client-side attacks that can compromise user sessions and data confidentiality. Since the vulnerability requires low privileges but no user interaction, an attacker with some access to import calendar data could inject malicious scripts that affect other users viewing the calendar. This could lead to unauthorized access to sensitive information, manipulation of displayed data, or further exploitation within the organization's intranet or extranet environments. Organizations relying on XWiki for collaboration and scheduling may face reputational damage and operational disruption if attackers leverage this vulnerability to spread malware or phishing attacks internally. The impact is particularly relevant for sectors with high collaboration needs such as government agencies, educational institutions, and enterprises across Europe. However, since availability is not impacted and exploitation requires some level of privilege, the threat is moderate but should not be underestimated.

Mitigation Recommendations

European organizations should prioritize upgrading the Mocca Calendar extension to version 2.15 or later, where this vulnerability is addressed. If immediate upgrading is not feasible, organizations should implement strict input validation and output encoding on calendar import titles to neutralize potentially malicious scripts. Restricting calendar import permissions to trusted users only can reduce the attack surface. Additionally, deploying web application firewalls (WAFs) with rules to detect and block typical XSS payloads targeting calendar import functionality can provide a temporary safeguard. Regular security audits and penetration testing focusing on XWiki deployments should include checks for XSS vulnerabilities. User awareness training about suspicious calendar entries and monitoring logs for unusual import activities can also help in early detection and response. Finally, organizations should ensure their browsers and endpoint security solutions are up to date to mitigate the impact of any successful client-side attacks.
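As an added illustration of the import-time validation and render-time output encoding recommended above (this is not code from Mocca Calendar or XWiki, which are written in Java and Velocity; the iCalendar input format, the function names and all sample values are assumptions), the following parses event titles from a constructed calendar import, flags titles carrying markup, and escapes every title when generating the HTML:

```python
import html
import re

# Constructed sample import in iCalendar (RFC 5545) form: the second event's
# SUMMARY (the title) carries script markup and is deliberately folded across
# two physical lines, so a check that reads raw lines would miss it.
SAMPLE_ICS = """BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VEVENT
UID:evt-1@example.invalid
SUMMARY:Team sync
END:VEVENT
BEGIN:VEVENT
UID:evt-2@example.invalid
SUMMARY;LANGUAGE=en:Budget review <script>al
 ert(1)</script>
END:VEVENT
END:VCALENDAR
"""

def unfold_ics(text):
    """Undo RFC 5545 line folding: a line break followed by a space or tab
    continues the previous line."""
    return re.sub(r"\r?\n[ \t]", "", text)

def parse_titles(ics_text):
    """Return the SUMMARY value of every VEVENT, in import order. Property
    parameters (SUMMARY;LANGUAGE=en:...) are stripped before matching."""
    titles = []
    for line in unfold_ics(ics_text).splitlines():
        name, sep, value = line.partition(":")
        if sep and name.split(";", 1)[0].upper() == "SUMMARY":
            titles.append(value)
    return titles

# Import-time validation: a plain-text title has no business containing markup.
MARKUP = re.compile(r"""[<>"']|javascript:""", re.IGNORECASE)

def title_is_suspicious(title):
    return MARKUP.search(title) is not None

def render_title(title):
    """Output encoding at render time, which is the fix that actually closes
    the bug: escape for both HTML text and attribute context (quote=True) so
    an imported title is displayed literally instead of parsed as markup."""
    safe = html.escape(title, quote=True)
    return f'<span class="event-title" title="{safe}">{safe}</span>'

def import_report(ics_text):
    """Pair each imported title with its validation flag and safe rendering."""
    return [(t, title_is_suspicious(t), render_title(t)) for t in parse_titles(ics_text)]
```

The validation flag is a useful audit signal for imports, but only the escaping in `render_title` prevents the script from executing, so the two should be used together rather than as alternatives.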


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-16T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 688edbdcad5a09ad00d7fe43

Added to database: 8/3/2025, 3:47:40 AM

Last enriched: 8/3/2025, 4:02:53 AM

Last updated: 8/3/2025, 4:31:44 AM
