GHSA-hqx2-j33x-9fc4
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hqx2-j33x-9fc4
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hqx2-j33x-9fc4/GHSA-hqx2-j33x-9fc4.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-hqx2-j33x-9fc4
- Aliases
- Published
- 2022-05-24T16:50:02Z
- Modified
- 2024-04-24T21:11:52.888320Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Gitea XSS Vulnerability in Repository Description
- Details
-
Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page.
- Database specific
{ "nvd_published_at": "2019-07-11T20:15:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-04-24T20:58:00Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-1010314
- https://github.com/go-gitea/gitea/issues/8717
- https://github.com/go-gitea/gitea/pull/6306
- https://github.com/go-gitea/gitea/pull/6308
- https://github.com/go-gitea/gitea/commit/c7bbfd8f5eb097c6910e142415fcdf48fc3c9814
- https://github.com/go-gitea/gitea
- https://github.com/go-gitea/gitea/releases/tag/v1.7.4
Affected packages
Go / code.gitea.io/gitea
Package
- Name
- code.gitea.io/gitea
- View open source insights on deps.dev
- Purl
- pkg:golang/code.gitea.io/gitea