NVD

Id
35671  
Name
CVE-2014-8683  
Description
Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-11-21  
Modified Date
2014-11-24  
Seq
2014-8683  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
182693 35671 CVE-2014-8683 http://gogs.io/docs/intro/change_log.html  View
182694 35671 CVE-2014-8683 http://packetstormsecurity.com/files/129118/Gogs-Markdown-Renderer-Cross-Site-Scripting.html  View
182695 35671 CVE-2014-8683 20141114 CVE-2014-8683 XSS in Gogs Markdown Renderer  View
182696 35671 CVE-2014-8683 20141114 CVE-2014-8683 XSS in Gogs Markdown Renderer  View
182697 35671 CVE-2014-8683 gogs-cve20148683-xss(98693)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
16706 JVNDB-2014-005581 Gogs の models/issue.go におけるクロスサイトスクリプティングの脆弱性 Gogs (別名 Go Git Service) の models/issue.go には、クロスサイトスクリプティングの脆弱性が存在します CVE-2014-8683 75976 CVE-2014-8683 35671 4.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-005581.html 2014-11-19 2014-11-25 View