github.com/gogits/gogs is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize markdown before rendering it, allowing an attacker to inject and execute arbitrary script code via markdown comments.
Name | Operator | Version
---|---|---
github.com/gogits/gogs | eq | HEAD
github.com/gogits/gogs | le | 0.5.5
gogs.io/docs/intro/change_log.html
packetstormsecurity.com/files/129118/Gogs-Markdown-Renderer-Cross-Site-Scripting.html
seclists.org/bugtraq/2014/Nov/79
seclists.org/fulldisclosure/2014/Nov/34
www.securityfocus.com/archive/1/533996/100/0/threaded
www.securityfocus.com/archive/1/archive/1/533996/100/0/threaded
exchange.xforce.ibmcloud.com/vulnerabilities/98693