Lucene search

Veracode Vulnerability DatabaseVERACODE:46597

HistoryApr 24, 2024 - 4:54 a.m.

Cross Site Scripting

2024-04-2404:54:08

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

github

hugo

software

xss

vulnerability

markdown

escaping

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

github.com/gohugoio/hugo/ is vulnerable to Cross Site Scripting. This vulnerability arises due to insufficient escaping of title arguments in Markdown, impacting users who utilize these hooks without full trust in their Markdown content files.

CPENameOperatorVersion
github.com/gohugoio/hugolev0.125.2
github.com/gohugoio/hugolev0.125.2
hugo:sideq0.78.2-1

Name	Operator	Version
github.com/gohugoio/hugo	le	v0.125.2
github.com/gohugoio/hugo	le	v0.125.2
hugo:sid	eq	0.78.2-1

References

github.com/gohugoio/hugo/commit/15a4b9b33715887001f6eff30721d41c0d4cfdd1

github.com/gohugoio/hugo/releases/tag/v0.125.3

github.com/gohugoio/hugo/security/advisories/GHSA-ppf8-hhpp-f5hj

gohugo.io/getting-started/configuration-markup/#renderhooksimageenabledefault

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for VERACODE:46597