Moderate severityNVD Advisory· Published Jul 11, 2019· Updated Aug 5, 2024
CVE-2019-1010314
CVE-2019-1010314
Description
Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
code.gitea.io/giteaGo | >= 1.7.2, < 1.7.4 | 1.7.4 |
Affected products
2Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-hqx2-j33x-9fc4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-1010314ghsaADVISORY
- github.com/go-gitea/gitea/commit/c7bbfd8f5eb097c6910e142415fcdf48fc3c9814ghsaWEB
- github.com/go-gitea/gitea/issues/8717ghsaWEB
- github.com/go-gitea/gitea/pull/6306ghsaWEB
- github.com/go-gitea/gitea/pull/6308ghsaWEB
- github.com/go-gitea/gitea/releasesmitrex_refsource_MISC
- github.com/go-gitea/gitea/releases/tag/v1.7.4ghsaWEB
News mentions
0No linked articles in our index yet.