Moderate severityNVD Advisory· Published Nov 21, 2014· Updated Jun 17, 2026
CVE-2014-8683
CVE-2014-8683
Description
Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gogs.io/gogsGo | >= 0.3.1, < 0.5.8 | 0.5.8 |
Affected products
7cpe:2.3:a:gogits:gogs:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:gogits:gogs:*:*:*:*:*:*:*:*range: <=0.5.5
- cpe:2.3:a:gogits:gogs:0.3.1-9:*:*:*:*:*:*:*
- cpe:2.3:a:gogits:gogs:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gogits:gogs:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:gogits:gogs:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gogits:gogs:0.5.2:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
14- packetstormsecurity.com/files/129118/Gogs-Markdown-Renderer-Cross-Site-Scripting.htmlnvdExploit
- seclists.org/fulldisclosure/2014/Nov/34nvdExploit
- github.com/advisories/GHSA-9hx4-qm7h-x84jghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-8683ghsaADVISORY
- exchange.xforce.ibmcloud.com/vulnerabilities/98693nvdWEB
- github.com/gogits/gogs/commit/3abc41cccab2486012b46305827433ad6f5deadeghsaWEB
- github.com/gogits/gogs/releases/tag/v0.5.8ghsaWEB
- gogs.io/docs/intro/change_log.htmlghsaWEB
- packetstormsecurity.com/files/129118/Gogs-Markdown-Renderer-Cross-Site-Scripting.htmlghsaWEB
- seclists.org/fulldisclosure/2014/Nov/31ghsaWEB
- seclists.org/fulldisclosure/2014/Nov/34ghsaWEB
- www.securityfocus.com/archive/1/533996/100/0/threadedghsaWEB
- gogs.io/docs/intro/change_log.htmlnvd
- www.securityfocus.com/archive/1/533996/100/0/threadednvd
News mentions
0No linked articles in our index yet.