Lucene search
Veracode Vulnerability DatabaseVERACODE:4038HistoryApr 28, 2017 - 7:24 a.m.
Cross-site Scripting (XSS)
2017-04-2807:24:32
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.005 Low
EPSS
Percentile
75.6%
github.com/gogits/gogs is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize markdown before rendering it, allowing an attacker to execute arbitrary code via markdown comments.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/gogits/gogs | eq | HEAD | |
| github.com/gogits/gogs | le | 0.5.5 |
References
gogs.io/docs/intro/change_log.html
packetstormsecurity.com/files/129118/Gogs-Markdown-Renderer-Cross-Site-Scripting.html
seclists.org/bugtraq/2014/Nov/79
seclists.org/fulldisclosure/2014/Nov/34
www.securityfocus.com/archive/1/533996/100/0/threaded
www.securityfocus.com/archive/1/archive/1/533996/100/0/threaded
exchange.xforce.ibmcloud.com/vulnerabilities/98693
Related
gitlab
gitlab
securityvulns
securityvulns
CVE-2014-8683 XSS in Gogs Markdown Renderer
2014-12-01 00:00:00
osv
osv
Cross-site Scripting in Gogs
2021-06-29 18:32:53
cvelist
cvelist
CVE-2014-8683
2014-11-21 15:00:00
cve
cve
CVE-2014-8683
2014-11-21 15:59:10
prion
prion
Cross site scripting
2014-11-21 15:59:00
github
github
Cross-site Scripting in Gogs
2021-06-29 18:32:53
packetstorm
packetstorm
Gogs Markdown Renderer Cross Site Scripting
2014-11-14 00:00:00
nvd
nvd
CVE-2014-8683
2014-11-21 15:59:10
zdt
zdt
Gogs Markdown Renderer Cross Site Scripting Vulnerability
2014-11-16 00:00:00
openvas
openvas
Gogs >= 0.3.1, < 0.5.8 Multiple Vulnerabilities
2015-02-06 00:00:00