CVE-2014-8683 — Cross-site Scripting in Gogs

CWE-79 — Cross-site Scripting4 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 46.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gogs.io Gogs Gogits Gogs

Timeline

PublishedNov 21

Latest updateAug 21

Description

Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶Gogogs.io/gogs0.3.1 — 0.5.8

▶NVDgogits/gogs0.5.5+5

🔴Vulnerability Details

OSV

Cross-site Scripting in Gogs in gogs.io/gogs↗2024-08-21

▶

OSV

Cross-site Scripting in Gogs↗2021-06-29

▶

GHSA

Cross-site Scripting in Gogs↗2021-06-29

▶