3 matches found
CVE-2014-8682
Gogs (Go Git Service) is affected by SQL injection via the q parameter in the API endpoints /api/v1/repos/search and /api/v1/users/search. The vulnerability stems from improper handling in the repository and user search code paths (models/repo.go and models/user.go) across Gogs versions 0.3.1-9 t...
CVE-2014-8681
CVE-2014-8681 affects Gogs (Go Git Service). The GetIssues function in models/issue.go has a SQL injection flaw exploitable via the label parameter in user/repos/issues, impacting Gogs versions 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta. Documents indicate remote attackers can execute arbitra...
CVE-2014-8683
CVE-2014-8683 describes a Cross-Site Scripting (XSS) flaw in Gogs (Go Git Service). The vulnerability affects Gogs versions 0.3.1-9 through 0.5.x before 0.5.8 and is triggered via the text parameter to the API endpoint api/v1/markdown, allowing injection of arbitrary web script/HTML. The root cau...