CVE-2021-28378
Published: 2021-03-15

CVE-2021-28378: Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.
Priority P4 · 34 · medium · 5.4 CVSS 3.1
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 8.76% (94.5th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| code.gitea.io | gitea | >= 0 < 1.13.4 | 1.13.4 |
| gitea | gitea | 1.12.0 – 1.12.6 | — |
| gitea | gitea | >= 1.13.0 < 1.13.4 | 1.13.4 |
CVSS provenance
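| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |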
OSV
Cross-site Scripting in Gitea in code.gitea.io/gitea
osv·2024-08-21
CVE-2021-28378 Cross-site Scripting in Gitea in code.gitea.io/gitea
GHSA
Cross-site Scripting in Gitea
ghsa·2021-09-27
CVE-2021-28378 [MEDIUM] CWE-79 Cross-site Scripting in Gitea
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.
OSV
Cross-site Scripting in Gitea
osv·2021-09-27
CVE-2021-28378 [MEDIUM] Cross-site Scripting in Gitea
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-03-15
Published