2 matches found
CVE-2019-12047
Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by childprocess.exec and the "...
CVE-2019-12047
CVE-2019-12047 affects Gridea v0.8.0 with an XSS flaw that allows an attacker to trigger arbitrary code execution by invoking a Node.js module (e.g., via child_process.exec) from crafted input, demonstrated by an onerror payload. The issue is caused by insufficient input sanitization leading to ...