NVD Vulnerability Details: CVE-2025-47943
Awaiting Analysis
Source: security-advisories@github.com
Published At: 24 Jun, 2025 | 04:15
Updated At: 30 Jul, 2025 | 18:15

Gogs is an open source self-hosted Git service. Application versions 0.14.0+dev and prior contain a stored cross-site scripting (XSS) vulnerability that allows client-side JavaScript code execution. The vulnerability is caused by the use of a vulnerable and outdated component: pdfjs-1.4.20 under public/plugins/. This issue has been fixed for gogs.io/gogs in version 0.13.3.

CISA Catalog
Date Added | Due Date | Vulnerability Name | Required Action
N/A
Metrics
Type | Version | Base score | Base severity | Vector
Secondary | 3.1 | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Weaknesses
CWE ID | Type | Source
CWE-79 | Secondary | security-advisories@github.com
References
Hyperlink | Source | Resource
https://github.com/gogs/gogs/commit/110117b2e5e5baa4809c819bec701e929d2d8d40 | security-advisories@github.com | N/A
https://github.com/gogs/gogs/releases/tag/v0.13.3 | security-advisories@github.com | N/A
https://github.com/gogs/gogs/security/advisories/GHSA-xh32-cx6c-cp4v | security-advisories@github.com | N/A
https://www.hacktivesecurity.com/blog/2025/07/15/cve-2025-47943-stored-xss-in-gogs-via-pdf | security-advisories@github.com | N/A
https://github.com/gogs/gogs/security/advisories/GHSA-xh32-cx6c-cp4v | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | N/A
Change History
0 Changes found