Lucene search
GoogleOSV:GHSA-9HX4-QM7H-X84JHistoryJun 29, 2021 - 6:32 p.m.
Cross-site Scripting in Gogs
2021-06-2918:32:53
Google
osv.dev
7
0.005 Low
EPSS
Percentile
75.6%
Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.
| CPE | Name | Operator | Version |
|---|---|---|---|
| gogs.io/gogs | lt | 0.5.8 | |
| gogs.io/gogs | ge | 0.3.1 |
References
exchange.xforce.ibmcloud.com/vulnerabilities/98693
github.com/gogits/gogs/commit/3abc41cccab2486012b46305827433ad6f5deade
github.com/gogits/gogs/releases/tag/v0.5.8
gogs.io/docs/intro/change_log.html
nvd.nist.gov/vuln/detail/CVE-2014-8683
packetstormsecurity.com/files/129118/Gogs-Markdown-Renderer-Cross-Site-Scripting.html
seclists.org/fulldisclosure/2014/Nov/31
seclists.org/fulldisclosure/2014/Nov/34
www.securityfocus.com/archive/1/533996/100/0/threaded
Related
gitlab
gitlab
securityvulns
securityvulns
CVE-2014-8683 XSS in Gogs Markdown Renderer
2014-12-01 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2017-04-28 07:24:32
cvelist
cvelist
CVE-2014-8683
2014-11-21 15:00:00
zdt
zdt
Gogs Markdown Renderer Cross Site Scripting Vulnerability
2014-11-16 00:00:00
cve
cve
CVE-2014-8683
2014-11-21 15:59:10
prion
prion
Cross site scripting
2014-11-21 15:59:00
github
github
Cross-site Scripting in Gogs
2021-06-29 18:32:53
packetstorm
packetstorm
Gogs Markdown Renderer Cross Site Scripting
2014-11-14 00:00:00
nvd
nvd
CVE-2014-8683
2014-11-21 15:59:10
openvas
openvas
Gogs >= 0.3.1, < 0.5.8 Multiple Vulnerabilities
2015-02-06 00:00:00