Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-32019
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-23 Jul, 2025 | 20:38
Updated At-23 Jul, 2025 | 20:47
Rejected At-
▼CVE Numbering Authority (CNA)
Harbor's repository description page allows for XSS

Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS code. This is fixed in versions 2.11.3 and 2.12.3.

Affected Products
Vendor
goharbor
Product
harbor
Versions
Affected
  • >= 2.12.0-rc1, < 2.12.4-rc1
  • >= 2.13.0-rc1, < 2.13.1-rc1
  • <= 2.4.0-rc1.1, < 2.11.3
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.14.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Version: 3.1
Base score: 4.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/goharbor/harbor/security/advisories/GHSA-f9vc-vf3r-pqqq
x_refsource_CONFIRM
https://github.com/goharbor/harbor/commit/76c2c5f7cfd9edb356cbb373889a59cc3217a058
x_refsource_MISC
https://github.com/goharbor/harbor/commit/a13a16383a41a8e20f524593cb290dc52f86f088
x_refsource_MISC
https://github.com/goharbor/harbor/commit/f019430872118852f83f96cac9c587b89052d1e5
x_refsource_MISC
Hyperlink: https://github.com/goharbor/harbor/security/advisories/GHSA-f9vc-vf3r-pqqq
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/goharbor/harbor/commit/76c2c5f7cfd9edb356cbb373889a59cc3217a058
Resource:
x_refsource_MISC
Hyperlink: https://github.com/goharbor/harbor/commit/a13a16383a41a8e20f524593cb290dc52f86f088
Resource:
x_refsource_MISC
Hyperlink: https://github.com/goharbor/harbor/commit/f019430872118852f83f96cac9c587b89052d1e5
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found