| ID |
CVE-2025-47943
|
| Sažetak |
Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side Javascript code execution. The vulnerability is caused by the usage of a vulnerable and outdated component: pdfjs-1.4.20 under public/plugins/. This issue has been fixed for gogs.io/gogs in version 0.13.3. |
| Reference |
|
| CVSS |
| Base: | 6.3 |
| Impact: | 4.2 |
| Exploitability: | 2.1 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| NETWORK |
LOW |
LOW |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| HIGH |
LOW |
NONE |
|
| CVSS vektor |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N |
| Zadnje važnije ažuriranje |
24-06-2025 - 22:15 |
| Objavljeno |
24-06-2025 - 04:15 |
