Lucene search

[email protected]NVD:CVE-2014-8683

HistoryNov 21, 2014 - 3:59 p.m.

CVE-2014-8683

2014-11-2115:59:10

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.6%

JSON

Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.

Affected configurations

NVD

Node

gogitsgogsRange≤0.5.5

gogitsgogsMatch0.3.1-9

gogitsgogsMatch0.4.1

gogitsgogsMatch0.4.2

gogitsgogsMatch0.5.0

gogitsgogsMatch0.5.2

References

gogs.io/docs/intro/change_log.html

packetstormsecurity.com/files/129118/Gogs-Markdown-Renderer-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2014/Nov/34

www.securityfocus.com/archive/1/533996/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/98693

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.6%

JSON

Related for NVD:CVE-2014-8683

gitlab1 securityvulns2 osv1 veracode1 cvelist1 cve1 prion1 github1 zdt1 packetstorm1 openvas1