Cross Site Scripting Vulnerability in Gitea Repository Settings
CVE-2021-45329
6.1 MEDIUM
What is CVE-2021-45329?
A Cross Site Scripting (XSS) vulnerability was identified in Gitea that allows attackers to inject malicious scripts through the repository settings, specifically in the external wiki or issue tracker URL field. This flaw can lead to the execution of arbitrary JavaScript in the context of the user’s browser, potentially compromising user data and security. Users are advised to upgrade to Gitea version 1.5.1 or later to mitigate this risk.
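A server-side check for this class of flaw, as an added example that is not Gitea's own code or its patch. It assumes the external wiki or issue tracker URL is later rendered as a link target; the helper name ValidateExternalURL and the example.com hosts are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// allowedSchemes is the allowlist for links saved in repository settings.
// Anything not listed here (javascript:, data:, relative URLs) is refused.
var allowedSchemes = map[string]bool{"http": true, "https": true}

// ValidateExternalURL (hypothetical helper) accepts only absolute http(s)
// URLs with a host, so the stored value cannot turn into a script-bearing href.
func ValidateExternalURL(raw string) error {
	raw = strings.TrimSpace(raw)
	if raw == "" {
		return errors.New("empty URL")
	}
	// Browsers drop tabs and newlines when parsing a URL, so reject control
	// characters outright instead of trusting the scheme read from this string.
	for _, r := range raw {
		if r < 0x20 || r == 0x7f {
			return errors.New("control character in URL")
		}
	}
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("unparseable URL: %w", err)
	}
	if !allowedSchemes[strings.ToLower(u.Scheme)] {
		return fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	if u.Host == "" {
		return errors.New("missing host")
	}
	return nil
}

func main() {
	// Constructed sample inputs, not taken from the advisory.
	samples := []string{"https://wiki.example.com/docs", "javascript:void(0)",
		"//tracker.example.com/issues", "java\tscript:void(0)"}
	for _, s := range samples {
		fmt.Printf("%-34q -> %v\n", s, ValidateExternalURL(s))
	}
}
```

Validation at save time complements, and does not replace, context-aware escaping when the value is written into the page.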
