Lucene search
K

5 matches found

OSV
OSV
added 2025/05/31 5:35 a.m.8 views

BIT-ARGO-CD-2025-47933 Argo CD allows cross-site scripting on repositories page

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve...

9CVSS6.1AI score0.00411EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/29 7:30 p.m.12 views

CVE-2025-47933 Argo CD allows cross-site scripting on repositories page

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve...

9CVSS8.6AI score0.00411EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/05/28 5:36 p.m.19 views

Argo CD allows cross-site scripting on repositories page

Impact This vulnerability allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with...

9CVSS6.5AI score0.00411EPSS
Exploits0References4Affected Software3
UbuntuCve
UbuntuCve
added 2019/07/11 8:15 p.m.14 views

CVE-2019-1010314

Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting XSS. The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page...

6.1CVSS6.4AI score0.0084EPSS
Exploits0References2
OSV
OSV
added 2019/07/11 8:15 p.m.2 views

UBUNTU-CVE-2019-1010314

Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting XSS. The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page...

6.1CVSS5.8AI score0.0084EPSS
Exploits0References3
Rows per page
Query Builder