Skip to content

Cross-site Scripting in Gogs

Moderate severity GitHub Reviewed Published Jun 29, 2021 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

gomod gogs.io/gogs (Go)

Affected versions

>= 0.3.1, < 0.5.8

Patched versions

0.5.8

Description

Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.

References

Reviewed May 20, 2021
Published to the GitHub Advisory Database Jun 29, 2021
Last updated Jan 9, 2023

Severity

Moderate

EPSS score

0.467%
(76th percentile)

Weaknesses

CVE ID

CVE-2014-8683

GHSA ID

GHSA-9hx4-qm7h-x84j

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.