Gitea 1.22.0 - Stored XSS Vulnerability

🗓️ 28 Aug 2024 00:00:00Reported by Catalin IovitaType

zdt🔗 0day.today👁 348 Views

Gitea 1.22.0 - Stored XSS Vulnerability, allows injection and execution of malicious script

Reporter	Title	Published	Views	Family All 21
Circl	CVE-2024-6886	6 Aug 202407:28	–	circl
CNNVD	Gitea 跨站脚本漏洞	6 Aug 202400:00	–	cnnvd
CVE	CVE-2024-6886	6 Aug 202403:23	–	cve
Cvelist	CVE-2024-6886 Inproper Sanitation of field leading to stored XSS	6 Aug 202403:23	–	cvelist
Exploit DB	Gitea 1.22.0 - Stored XSS	28 Aug 202400:00	–	exploitdb
EUVD	EUVD-2024-2490	3 Oct 202520:07	–	euvd
Github Security Blog	Gitea Cross-site Scripting Vulnerability	6 Aug 202406:30	–	github
GitLab Advisory Database	Gitea Cross-site Scripting Vulnerability	6 Aug 202400:00	–	gitlab
Nuclei	Gitea 1.22.0 - Cross-Site Scripting	7 Jun 202603:02	–	nuclei
NVD	CVE-2024-6886	6 Aug 202404:16	–	nvd

# Exploit Title: Stored XSS in Gitea
# Exploit Authors: Catalin Iovita & Alexandru Postolache
# Vendor Homepage: (https://github.com/go-gitea/gitea)
# Version: 1.22.0
# Tested on: Linux 5.15.0-107, Go 1.23.0
# CVE: CVE-2024-6886

## Vulnerability Description
Gitea 1.22.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session.

## Steps to Reproduce
1. Log in to the application.
2. Create a new repository or modify an existing repository by clicking the Settings button from the `$username/$repo_name/settings` endpoint.
3. In the Description field, input the following payload:

    <a href=javascript:alert()>XSS test</a>

4. Save the changes.
5. Upon clicking the repository description, the payload was successfully injected in the Description field. By clicking on the message, an alert box will appear, indicating the execution of the injected script.

28 Aug 2024 00:00Current

8.7High risk

Vulners AI Score8.7

CVSS 410

EPSS0.25195

SSVC