Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.
{"prion": [{"lastseen": "2023-11-22T04:15:03", "description": "Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.", "cvss3": {}, "published": "2014-11-21T15:59:00", "type": "prion", "title": "Cross site scripting", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8683"], "modified": "2018-10-09T19:54:00", "id": "PRION:CVE-2014-8683", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-8683", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2023-12-02T10:58:37", "description": "Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.", "cvss3": {}, "published": "2014-11-21T15:59:00", "type": "cve", "title": "CVE-2014-8683", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8683"], "modified": "2018-10-09T19:54:00", "cpe": ["cpe:/a:gogits:gogs:0.5.0", "cpe:/a:gogits:gogs:0.5.5", "cpe:/a:gogits:gogs:0.4.2", "cpe:/a:gogits:gogs:0.4.1", "cpe:/a:gogits:gogs:0.3.1-9", "cpe:/a:gogits:gogs:0.5.2"], "id": "CVE-2014-8683", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8683", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:gogits:gogs:0.3.1-9:*:*:*:*:*:*:*", "cpe:2.3:a:gogits:gogs:0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:gogits:gogs:0.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:gogits:gogs:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:gogits:gogs:0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:gogits:gogs:0.4.2:*:*:*:*:*:*:*"]}], "zdt": [{"lastseen": "2018-01-09T13:07:23", "description": "Gogs markdown renderer suffers from a cross site scripting vulnerability. Versions 0.3.1-9-g49dc57e are affected.", "cvss3": {}, "published": "2014-11-16T00:00:00", "type": "zdt", "title": "Gogs Markdown Renderer Cross Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-8683"], "modified": "2014-11-16T00:00:00", "id": "1337DAY-ID-22875", "href": "https://0day.today/exploit/description/22875", "sourceData": "XSS in Gogs Markdown Renderer\r\n=============================\r\nResearcher: Timo Schmid <[email\u00a0protected]>\r\n\r\n\r\nDescription\r\n===========\r\nGogs(Go Git Service) is a painless self-hosted Git Service written in\r\nGo. (taken\r\n from [1])\r\n\r\nIt is very similiar to the github hosting plattform. Multiple users can\r\ncreate\r\nmultiple repositories and share code with others with the git version\r\ncontrol\r\nsystem. 
Repositories can be marked as public or private to prevent\r\naccess from\r\n unauthorized users.\r\n\r\nGogs provides two api views to transform markdown into HTML at the urls\r\n/api/v1/markdown and /api/v1/markdown/raw\r\n\r\nThe transformation is vulnerable to XSS.\r\n\r\n\r\nExploitation Technique:\r\n=======================\r\nRemote\r\n\r\n\r\nSeverity Level:\r\n===============\r\nMedium\r\n\r\n\r\nCVSS Base Score\r\n===============\r\n4.3 (AV:N / AC:M / Au:N / C:P / I:N / A:N)\r\n\r\n\r\nCVE-ID\r\n======\r\nCVE-2014-8683\r\n\r\n\r\nImpact\r\n======\r\nThe vulnerability could be used together with social engineering attacks\r\nto gain\r\naccess to restricted resources by extracting authentication tokens from\r\ncookies\r\nor by executing commands in the context of the logged in victim.\r\n\r\n\r\nStatus\r\n======\r\nNot fixed\r\n\r\n\r\nVulnerable Code Section\r\n=======================\r\nmodels/issue.go:\r\n[...]\r\nfunc RenderMarkdown(rawBytes []byte, urlPrefix string) []byte {\r\n body := RenderSpecialLink(rawBytes, urlPrefix)\r\n body = RenderRawMarkdown(body, urlPrefix)\r\n return body\r\n}\r\n\r\nfunc RenderMarkdownString(raw, urlPrefix string) string {\r\n return string(RenderMarkdown([]byte(raw), urlPrefix))\r\n}\r\n[...]\r\n\r\n\r\nProof of Concept\r\n================\r\nForm to trigger XSS:\r\n<form action=\"http://example.com/api/v1/markdown\" method=\"post\">\r\n<input name=\"text\" value=\"<img\r\nonerror=\"alert(\"XSS\")\r\n\" src=\"x\">\">\r\n<input type=\"submit\">\r\n</form>\r\n\r\nResponse:\r\n<p><img onerror=\"alert(\"XSS\")\" src=\"x\"></p>\r\n\r\n\r\nSolution\r\n========\r\nThe markdown processing should reject or filter any HTML input and\r\nprocess only\r\nmarkdown content.\r\n\r\n\r\nAffected Versions\r\n=================\r\n>= v0.3.1-9-g49dc57e\r\n\r\n\r\nTimeline\r\n========\r\n2014-09-25: Developer informed\r\n2014-10-16: Contact of developer regarding fix\r\n2014-10-25: Working together with developer on fix\r\n2014-11-03: 
Contacted developer\r\n2014-11-14: CVE-ID assigned\r\n\r\n\r\nCredits\r\n=======\r\nPascal Turbing <[email\u00a0protected]>\r\nJiahua (Joe) Chen <[email\u00a0protected]>\r\n\r\n\r\nReferences\r\n==========\r\n[1] https://github.com/gogits/gogs\r\n[2] http://gogs.io/\r\n[3] https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)\r\n[4] https://www.ernw.de/download/BC-1404.txt\r\n\r\n\r\nAdvisory-ID\r\n===========\r\nBC-1404\r\n\r\n\r\nDisclaimer\r\n==========\r\nThe information herein contained may change without notice. Use of this\r\ninformation constitutes acceptance for use in an AS IS condition. There\r\nare NO\r\nwarranties, implied or otherwise, with regard to this information or its\r\nuse.\r\nAny use of this information is at the user's risk. In no event shall the\r\nauthor/\r\ndistributor be held liable for any damages whatsoever arising out of or in\r\nconnection with the use or spread of this information.\n\n# 0day.today [2018-01-09] #", "sourceHref": "https://0day.today/exploit/22875", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "veracode": [{"lastseen": "2023-04-18T16:31:38", "description": "github.com/gogits/gogs is vulnerable to cross-site scripting (XSS) attacks. 
The library does not sanitize markdown before rendering it, allowing an attacker to execute arbitrary code via markdown comments.\n", "cvss3": {}, "published": "2017-04-28T07:24:32", "type": "veracode", "title": "Cross-site Scripting (XSS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8683"], "modified": "2019-05-15T06:18:10", "id": "VERACODE:4038", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4038/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "gitlab": [{"lastseen": "2023-08-16T07:42:48", "description": "Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.", "cvss3": {}, "published": "2021-06-29T00:00:00", "type": "gitlab", "title": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8683"], 
"modified": "2021-06-29T00:00:00", "id": "GITLAB-13B20B3AA202E5A78259B35F31B6A714", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/go%2Fgogs.io%2Fgogs%2FCVE-2014-8683.yml/raw", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "osv": [{"lastseen": "2022-05-12T01:14:25", "description": "Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.", "cvss3": {}, "published": "2021-06-29T18:32:53", "type": "osv", "title": "Cross-site Scripting in Gogs", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8683"], "modified": "2021-05-20T16:31:56", "id": "OSV:GHSA-9HX4-QM7H-X84J", "href": "https://osv.dev/vulnerability/GHSA-9hx4-qm7h-x84j", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:56", "description": "\r\n\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: RIPEMD160\r\n\r\nXSS in Gogs Markdown Renderer\r\n=============================\r\nResearcher: Timo Schmid <tschmid@ernw.de>\r\n\r\n\r\nDescription\r\n===========\r\nGogs(Go Git Service) is a painless self-hosted Git Service written in\r\nGo. (taken\r\n from [1])\r\n\r\nIt is very similiar to the github hosting plattform. Multiple users can\r\ncreate\r\nmultiple repositories and share code with others with the git version\r\ncontrol\r\nsystem. 
Repositories can be marked as public or private to prevent\r\naccess from\r\n unauthorized users.\r\n\r\nGogs provides two api views to transform markdown into HTML at the urls\r\n/api/v1/markdown and /api/v1/markdown/raw\r\n\r\nThe transformation is vulnerable to XSS.\r\n\r\n\r\nExploitation Technique:\r\n=======================\r\nRemote\r\n\r\n\r\nSeverity Level:\r\n===============\r\nMedium\r\n\r\n\r\nCVSS Base Score\r\n===============\r\n4.3 (AV:N / AC:M / Au:N / C:P / I:N / A:N)\r\n\r\n\r\nCVE-ID\r\n======\r\nCVE-2014-8683\r\n\r\n\r\nImpact\r\n======\r\nThe vulnerability could be used together with social engineering attacks\r\nto gain\r\naccess to restricted resources by extracting authentication tokens from\r\ncookies\r\nor by executing commands in the context of the logged in victim.\r\n\r\n\r\nStatus\r\n======\r\nNot fixed\r\n\r\n\r\nVulnerable Code Section\r\n=======================\r\nmodels/issue.go:\r\n[...]\r\nfunc RenderMarkdown(rawBytes []byte, urlPrefix string) []byte {\r\n body := RenderSpecialLink(rawBytes, urlPrefix)\r\n body = RenderRawMarkdown(body, urlPrefix)\r\n return body\r\n}\r\n\r\nfunc RenderMarkdownString(raw, urlPrefix string) string {\r\n return string(RenderMarkdown([]byte(raw), urlPrefix))\r\n}\r\n[...]\r\n\r\n\r\nProof of Concept\r\n================\r\nForm to trigger XSS:\r\n<form action="http://example.com/api/v1/markdown" method="post">\r\n<input name="text" value="&lt;img\r\nonerror=&quot;alert(&amp;quot;XSS&amp;quot;)\r\n&quot; src=&quot;x&quot;&gt;">\r\n<input type="submit">\r\n</form>\r\n\r\nResponse:\r\n<p><img onerror="alert(&quot;XSS&quot;)" src="x"></p>\r\n\r\n\r\nSolution\r\n========\r\nThe markdown processing should reject or filter any HTML input and\r\nprocess only\r\nmarkdown content.\r\n\r\n\r\nAffected Versions\r\n=================\r\n> = v0.3.1-9-g49dc57e\r\n\r\n\r\nTimeline\r\n========\r\n2014-09-25: Developer informed\r\n2014-10-16: Contact of developer regarding fix\r\n2014-10-25: Working together with 
developer on fix\r\n2014-11-03: Contacted developer\r\n2014-11-14: CVE-ID assigned\r\n\r\n\r\nCredits\r\n=======\r\nPascal Turbing <pturbing@ernw.de>\r\nJiahua (Joe) Chen <u@gogs.io>\r\n\r\n\r\nReferences\r\n==========\r\n[1] https://github.com/gogits/gogs\r\n[2] http://gogs.io/\r\n[3] https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)\r\n[4] https://www.ernw.de/download/BC-1404.txt\r\n\r\n\r\nAdvisory-ID\r\n===========\r\nBC-1404\r\n\r\n\r\nDisclaimer\r\n==========\r\nThe information herein contained may change without notice. Use of this\r\ninformation constitutes acceptance for use in an AS IS condition. There\r\nare NO\r\nwarranties, implied or otherwise, with regard to this information or its\r\nuse.\r\nAny use of this information is at the user's risk. In no event shall the\r\nauthor/\r\ndistributor be held liable for any damages whatsoever arising out of or in\r\nconnection with the use or spread of this information.\r\n\r\n- -- \r\nTimo Schmid\r\n\r\nERNW GmbH, Carl-Bosch-Str. 4, 69115 Heidelberg - www.ernw.de\r\nTel. 
+49 6221 480390 - Fax 6221 419008 - Cell +49 151 16227192\r\nPGP-FP 971B D4F7 5DD1 FCED 11FC 2C61 7AB6 927D 6F26 6CE0\r\n\r\nHandelsregister Mannheim: HRB 337135\r\nGeschaeftsfuehrer: Enno Rey\r\n\r\n==============================================================\r\n|| Blog: www.insinuator.net | | Conference: www.troopers.de ||\r\n==============================================================\r\n================== TROOPERS15 ==================\r\n* International IT Security Conference & Workshops\r\n* 16th - 20st March 2015 / Heidelberg, Germany\r\n* www.troopers.de\r\n====================================================\r\n\r\n\r\n", "cvss3": {}, "published": "2014-12-01T00:00:00", "type": "securityvulns", "title": "CVE-2014-8683 XSS in Gogs Markdown Renderer", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-8683"], "modified": "2014-12-01T00:00:00", "id": "SECURITYVULNS:DOC:31436", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31436", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2021-06-08T18:50:36", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "cvss3": {}, "published": "2014-12-01T00:00:00", "type": "securityvulns", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": 
["CVE-2014-9031", "CVE-2014-6038", "CVE-2014-9039", "CVE-2014-9015", "CVE-2014-5257", "CVE-2014-8088", "CVE-2014-8958", "CVE-2014-3629", "CVE-2014-8499", "CVE-2014-9035", "CVE-2014-5269", "CVE-2014-8961", "CVE-2014-9033", "CVE-2014-9036", "CVE-2014-7958", "CVE-2014-8350", "CVE-2014-7866", "CVE-2014-6039", "CVE-2014-8959", "CVE-2014-8498", "CVE-2014-7137", "CVE-2014-8429", "CVE-2014-7868", "CVE-2014-8682", "CVE-2012-4437", "CVE-2014-8960", "CVE-2014-9037", "CVE-2014-7959", "CVE-2014-8683", "CVE-2014-9034", "CVE-2014-8732", "CVE-2014-9032", "CVE-2014-8749", "CVE-2014-8877", "CVE-2014-8337", "CVE-2014-9038", "CVE-2014-9016", "CVE-2014-8600", "CVE-2014-8731", "CVE-2014-8539"], "modified": "2014-12-01T00:00:00", "id": "SECURITYVULNS:VULN:14113", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14113", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:15:24", "description": "", "cvss3": {}, "published": "2014-11-14T00:00:00", "type": "packetstorm", "title": "Gogs Markdown Renderer Cross Site Scripting", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-8683"], "modified": "2014-11-14T00:00:00", "id": "PACKETSTORM:129118", "href": "https://packetstormsecurity.com/files/129118/Gogs-Markdown-Renderer-Cross-Site-Scripting.html", "sourceData": "` \n-----BEGIN PGP SIGNED MESSAGE----- \nHash: RIPEMD160 \n \nXSS in Gogs Markdown Renderer \n============================= \nResearcher: Timo Schmid <tschmid@ernw.de> \n \n \nDescription \n=========== \nGogs(Go Git Service) is a painless self-hosted Git Service written in \nGo. (taken \nfrom [1]) \n \nIt is very similiar to the github hosting plattform. Multiple users can \ncreate \nmultiple repositories and share code with others with the git version \ncontrol \nsystem. Repositories can be marked as public or private to prevent \naccess from \nunauthorized users. 
\n \nGogs provides two api views to transform markdown into HTML at the urls \n/api/v1/markdown and /api/v1/markdown/raw \n \nThe transformation is vulnerable to XSS. \n \n \nExploitation Technique: \n======================= \nRemote \n \n \nSeverity Level: \n=============== \nMedium \n \n \nCVSS Base Score \n=============== \n4.3 (AV:N / AC:M / Au:N / C:P / I:N / A:N) \n \n \nCVE-ID \n====== \nCVE-2014-8683 \n \n \nImpact \n====== \nThe vulnerability could be used together with social engineering attacks \nto gain \naccess to restricted resources by extracting authentication tokens from \ncookies \nor by executing commands in the context of the logged in victim. \n \n \nStatus \n====== \nNot fixed \n \n \nVulnerable Code Section \n======================= \nmodels/issue.go: \n[...] \nfunc RenderMarkdown(rawBytes []byte, urlPrefix string) []byte { \nbody := RenderSpecialLink(rawBytes, urlPrefix) \nbody = RenderRawMarkdown(body, urlPrefix) \nreturn body \n} \n \nfunc RenderMarkdownString(raw, urlPrefix string) string { \nreturn string(RenderMarkdown([]byte(raw), urlPrefix)) \n} \n[...] \n \n \nProof of Concept \n================ \nForm to trigger XSS: \n<form action=\"http://example.com/api/v1/markdown\" method=\"post\"> \n<input name=\"text\" value=\"<img \nonerror=\"alert(\"XSS\") \n\" src=\"x\">\"> \n<input type=\"submit\"> \n</form> \n \nResponse: \n<p><img onerror=\"alert(\"XSS\")\" src=\"x\"></p> \n \n \nSolution \n======== \nThe markdown processing should reject or filter any HTML input and \nprocess only \nmarkdown content. 
\n \n \nAffected Versions \n================= \n>= v0.3.1-9-g49dc57e \n \n \nTimeline \n======== \n2014-09-25: Developer informed \n2014-10-16: Contact of developer regarding fix \n2014-10-25: Working together with developer on fix \n2014-11-03: Contacted developer \n2014-11-14: CVE-ID assigned \n \n \nCredits \n======= \nPascal Turbing <pturbing@ernw.de> \nJiahua (Joe) Chen <u@gogs.io> \n \n \nReferences \n========== \n[1] https://github.com/gogits/gogs \n[2] http://gogs.io/ \n[3] https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) \n[4] https://www.ernw.de/download/BC-1404.txt \n \n \nAdvisory-ID \n=========== \nBC-1404 \n \n \nDisclaimer \n========== \nThe information herein contained may change without notice. Use of this \ninformation constitutes acceptance for use in an AS IS condition. There \nare NO \nwarranties, implied or otherwise, with regard to this information or its \nuse. \nAny use of this information is at the user's risk. In no event shall the \nauthor/ \ndistributor be held liable for any damages whatsoever arising out of or in \nconnection with the use or spread of this information. \n \n- -- \nTimo Schmid \n \nERNW GmbH, Carl-Bosch-Str. 4, 69115 Heidelberg - www.ernw.de \nTel. 
+49 6221 480390 - Fax 6221 419008 - Cell +49 151 16227192 \nPGP-FP 971B D4F7 5DD1 FCED 11FC 2C61 7AB6 927D 6F26 6CE0 \n \nHandelsregister Mannheim: HRB 337135 \nGeschaeftsfuehrer: Enno Rey \n \n============================================================== \n|| Blog: www.insinuator.net | | Conference: www.troopers.de || \n============================================================== \n================== TROOPERS15 ================== \n* International IT Security Conference & Workshops \n* 16th - 20st March 2015 / Heidelberg, Germany \n* www.troopers.de \n==================================================== \n \n \n \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/129118/gogs-xss.txt", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2020-06-11T17:43:03", "description": "Gogs (Go Git Service) is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2015-02-06T00:00:00", "type": "openvas", "title": "Gogs < 0.5.8 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8682", "CVE-2014-8683", "CVE-2014-8681"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310105952", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105952", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Gogs Multiple Vulnerabilities\n#\n# Authors:\n# Christian 
Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:gogs:gogs\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105952\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-02-06 14:11:04 +0700 (Fri, 06 Feb 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2014-8681\", \"CVE-2014-8682\", \"CVE-2014-8683\");\n script_bugtraq_id(71188, 71187, 71186);\n\n script_name(\"Gogs < 0.5.8 Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_gogs_detect.nasl\");\n script_mandatory_keys(\"gogs/detected\");\n\n script_tag(name:\"summary\", value:\"Gogs (Go Git Service) is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the 
target host.\");\n\n script_tag(name:\"insight\", value:\"The installed Gogs version is prone to the following vulnerabilities:\n\n CVE-2014-8681:\n SQL injection vulnerability in the GetIssues function in models/issue.go.\n\n CVE-2014-8682:\n Multiple SQL injection vulnerabilities in the q parameter of api/v1/repos/search, which is not properly handled in models/repo.go and in api/v1/users/search, which is not properly handled in models/user.go.\n\n CVE-2014-8683:\n Cross-site scripting (XSS) vulnerability in models/issue.go.\");\n\n script_tag(name:\"impact\", value:\"Unauthenticated attackers can exploit this vulnerabilities to perform\n an XSS attack or execute arbitrary SQL commands which may lead to a complete compromise of the database.\");\n\n script_tag(name:\"affected\", value:\"Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8\");\n\n script_tag(name:\"solution\", value:\"Update to version 0.5.8 or later.\");\n\n script_xref(name:\"URL\", value:\"http://gogs.io/docs/intro/change_log.html\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/129116/Gogs-Label-Search-Blind-SQL-Injection.html\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/129117/Gogs-Repository-Search-SQL-Injection.html\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/129118/Gogs-Markdown-Renderer-Cross-Site-Scripting.html\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_less(version: version, test_version: \"0.5.8\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"0.5.8\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}