CVE-2019-1010261
N/A
N/A
Summary
Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically crafted URL. The fixed version is: 1.7.1 and later.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Gitea | Gitea | 1.7.0 and earlier [fixed: 1.7.1 and later] | affected |
Weaknesses
- Cross Site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.