XSS in Gogits Gogs
CVE-2014-8683
Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (54.1th percentile)
Affected products
- Gogits Gogs — versions 0.3.1-9, 0.4.1, 0.4.2
Weakness classification (CWE)
References
- 20141114 CVE-2014-8683 XSS in Gogs Markdown Renderer (mailing-list, Exploit, x_refsource_FULLDISC)
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (x_refsource_CONFIRM)
- gogs-cve20148683-xss(98693) (vdb-entry, x_refsource_XF)
- 20141114 CVE-2014-8683 XSS in Gogs Markdown Renderer (mailing-list, x_refsource_BUGTRAQ)