Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 up to and including 0.5.x prior to 0.5.8 allows remote malicious users to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gogits gogs 0.3.1-9 |
||
gogits gogs 0.4.1 |
||
gogits gogs 0.4.2 |
||
gogits gogs 0.5.0 |
||
gogits gogs 0.5.2 |
||
gogits gogs |