Cross Site Scripting (XSS) vulnerability in Gitea 1.7.0 and earlier allows arbitrary JavaScript execution in victim's browser

CVE-2019-1010261 · MEDIUM Severity

AV:N/AC:M/Au:N/C:N/I:P/A:N

Gitea 1.7.0 and earlier is affected by a Cross Site Scripting (XSS) vulnerability in the go-get URL generation component. An attacker is able to have a victim execute arbitrary JavaScript in the browser; the attack vector is that the victim must open a specially crafted URL. The fixed version is 1.7.1 and later (PR to fix: https://github.com/go-gitea/gitea/pull/5905).