ByteOS Network

CVE Vulnerability Details :

CVE-2025-47943

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-24 Jun, 2025 | 03:48

Updated At-30 Jul, 2025 | 17:45

▼CVE Numbering Authority (CNA)

Gogs stored XSS in PDF renderer

Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side Javascript code execution. The vulnerability is caused by the usage of a vulnerable and outdated component: pdfjs-1.4.20 under public/plugins/. This issue has been fixed for gogs.io/gogs in version 0.13.3.

Affected Products

Vendor

gogs

Product

gogs

Versions

Affected

<= 0.14.0+dev

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

References

Hyperlink	Resource
https://github.com/gogs/gogs/security/advisories/GHSA-xh32-cx6c-cp4v	x_refsource_CONFIRM
https://github.com/gogs/gogs/commit/110117b2e5e5baa4809c819bec701e929d2d8d40	x_refsource_MISC
https://github.com/gogs/gogs/releases/tag/v0.13.3	x_refsource_MISC
https://www.hacktivesecurity.com/blog/2025/07/15/cve-2025-47943-stored-xss-in-gogs-via-pdf	x_refsource_MISC

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

References

Hyperlink	Resource
https://github.com/gogs/gogs/security/advisories/GHSA-xh32-cx6c-cp4v	exploit

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References