{"id":"GHSA-hqx2-j33x-9fc4","summary":"Gitea XSS Vulnerability in Repository Description","details":"Gitea 1.7.2 and 1.7.3 are affected by cross-site scripting (XSS) in the repository description. Impact: JavaScript executes in the victim's browser when the vulnerable repository page is loaded. Attack vector: the victim must navigate to a public, affected repository page. Version 1.7.4 contains the fix.","aliases":["CVE-2019-1010314"],"modified":"2024-04-24T21:11:52.888320Z","published":"2022-05-24T16:50:02Z","database_specific":{"severity":"MODERATE","cwe_ids":["CWE-79"],"github_reviewed":true,"nvd_published_at":"2019-07-11T20:15:00Z","github_reviewed_at":"2024-04-24T20:58:00Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1010314"},{"type":"WEB","url":"https://github.com/go-gitea/gitea/issues/8717"},{"type":"WEB","url":"https://github.com/go-gitea/gitea/pull/6306"},{"type":"WEB","url":"https://github.com/go-gitea/gitea/pull/6308"},{"type":"WEB","url":"https://github.com/go-gitea/gitea/commit/c7bbfd8f5eb097c6910e142415fcdf48fc3c9814"},{"type":"PACKAGE","url":"https://github.com/go-gitea/gitea"},{"type":"WEB","url":"https://github.com/go-gitea/gitea/releases/tag/v1.7.4"}],"affected":[{"package":{"name":"code.gitea.io/gitea","ecosystem":"Go","purl":"pkg:golang/code.gitea.io/gitea"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.7.2"},{"fixed":"1.7.4"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hqx2-j33x-9fc4/GHSA-hqx2-j33x-9fc4.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}