Fluid Attacks Database

Description

Cross-site Scripting in Gogs Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	gogs.io/gogs	>=0.3.1 <0.5.8	0.5.8

Aliases

1. CVE-2014-86832. NVD-2014-86833. OSV-2014-86834. GCVE-2014-8683

References

1. https://github.com/gogits/gogs/commit/3abc41cccab2486012b46305827433ad6f5deade2. https://exchange.xforce.ibmcloud.com/vulnerabilities/986933. https://github.com/gogits/gogs/releases/tag/v0.5.84. https://gogs.io/docs/intro/change_log.html5. https://packetstormsecurity.com/files/129118/Gogs-Markdown-Renderer-Cross-Site-Scripting.html6. https://seclists.org/fulldisclosure/2014/Nov/317. https://seclists.org/fulldisclosure/2014/Nov/348. https://www.securityfocus.com/archive/1/533996/100/0/threaded

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.