CVE-2014-8683: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

June 29, 2021

Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.

References

github.com/advisories/GHSA-9hx4-qm7h-x84j
github.com/gogits/gogs/commit/3abc41cccab2486012b46305827433ad6f5deade
github.com/gogits/gogs/releases/tag/v0.5.8
nvd.nist.gov/vuln/detail/CVE-2014-8683

Code Behaviors & Features

Detect and mitigate CVE-2014-8683 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →