Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-6886

UNKNOWN
Published 2024-08-06T03:23:21.692Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-6886. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gitea Gitea Open Source Git Server allows Stored XSS.This issue affects Gitea Open Source Git Server: 1.22.0.

Available Exploits

Gitea 1.22.0 - Cross-Site Scripting

Gitea 1.22.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session.

ID: CVE-2024-6886
Author: soonghee2 Medium

References:

Related News

No news articles found for this CVE.

Affected Products

Gitea

Gitea Open Source Git Server

Affected Versions:

1.22.0
gitea

gitea

Affected Versions:

1.22.0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed CRITICAL

Gitea Cross-site Scripting Vulnerability

GHSA-4h4p-553m-46qh

Advisory Details

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gitea Gitea Open Source Git Server allows Stored XSS.This issue affects Gitea Open Source Git Server: 1.22.0.

Affected Packages

Go code.gitea.io/gitea
ECOSYSTEM: ≥0 <1.22.1

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-6886
WEB https://github.com/go-gitea/gitea/pull/31200
WEB https://github.com/go-gitea/gitea/commit/b6280f4d21309cfae7cc07f74173354c664d5e10
WEB https://blog.gitea.com/release-of-1.22.1
PACKAGE https://github.com/go-gitea/gitea
WEB https://pkg.go.dev/vuln/GO-2024-3056

Advisory provided by GitHub Security Advisory Database. Published: August 6, 2024, Modified: August 7, 2024

References

https://github.com/go-gitea/gitea/pull/31200
https://blog.gitea.com/release-of-1.22.1/
Published: 2024-08-06T03:23:21.692Z
Last Modified: 2024-08-06T14:30:41.836Z
Copied to clipboard!