CVE-2025-47943
Published 2025-06-24
Priority: P4 · 31 · medium · 6.3 (CVSS 3.1)
CVSS 3.1 vector: AV:N / AC:L / PR:L / UI:R / S:U / C:H / I:L / A:N
EPSS: 0.30% (21.8th percentile)
Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side Javascript code execution. The vulnerability is caused by the usage of a vulnerable and outdated component: pdfjs-1.4.20 under public/plugins/. This issue has been fixed for gogs.io/gogs in version 0.13.3.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | gogs_gogs | >= 0 < 0.13.3-0.20250608224432-110117b2e5e5 | 0.13.3-0.20250608224432-110117b2e5e5 |
| gogs.io | gogs | >= 0 < 0.13.3-0.20250608224432-110117b2e5e5 | 0.13.3-0.20250608224432-110117b2e5e5 |
| gogs | gogs | <= 0.14.0+dev | — |
| msrc | cbl2_kernel_5.15.86.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N |
| ghsa | 8.8 | HIGH | — |
| osv | 8.8 | HIGH | — |
| vendor_msrc | 8.1 | HIGH | — |
OSV
osv · 2025-07-28: CVE-2025-47943 Gogs XSS allowed by stored call in PDF renderer in gogs.io/gogs
OSV
osv · 2025-06-26 · CVSS 8.8 [HIGH]: CVE-2025-47943 Gogs XSS allowed by stored call in PDF renderer
### Summary
A stored XSS is present in Gogs which allows client-side Javascript code execution.
### Details
Gogs Version:
```
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
gogs/gogs latest fe92583bc4fe 10 hours ago 99.3MB
```
Application version: `0.14.0+dev`
Local setup using:
```bash
# Pull image from Docker Hub.
docker pull gogs/gogs
# Create local directory for volume.
sudo mkdir -p /var/gogs
# Use `docker run` for the first time.
docker run --name=gogs -p 10022:22 -p 10880:3000 -v /var/gogs:/data gogs/gogs
```
The vulnerability is caused by the usage of a vulnerable and outdated component: `pdfjs-1.4.20` under public/plugins/.
Read more about this vulnerability at [codeanlabs - CVE-2024-4367](https://codeanlabs.com/blog/res
GHSA
ghsa · 2025-06-26 · CVSS 8.8 [HIGH] · CWE-79: CVE-2025-47943 Gogs XSS allowed by stored call in PDF renderer (same advisory text as the OSV entry above)
Microsoft
vendor_msrc · 2022-12-13 · CVSS 8.1 [HIGH] · CWE-125: CVE-2022-47943
This vendor entry refers to CVE-2022-47943, a Linux kernel ksmbd bug, and is unrelated to the Gogs stored XSS tracked as CVE-2025-47943.
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE when there is a large length in the zero DataOffset case.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries of which the distro is composed. Microsoft is committed to transparency in this work, which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the C
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/gogs/gogs/commit/110117b2e5e5baa4809c819bec701e929d2d8d40
https://github.com/gogs/gogs/releases/tag/v0.13.3
https://github.com/gogs/gogs/security/advisories/GHSA-xh32-cx6c-cp4v
https://www.hacktivesecurity.com/blog/2025/07/15/cve-2025-47943-stored-xss-in-gogs-via-pdf
Published: 2025-06-24