gitblit gitblit の CVE(4 件)

CVE 件数: 4 CPE versions: View versions table

概要

本ページは gitblit gitblit に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。

表示中 14 / 4 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2025-50977 A template injection vulnerability leading to reflected cross-site scripting (XSS) has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists in the 'r' parameter and allows attackers to inject malicious Angular expressions that execute JavaScript code in the context of the application. The flaw can be exploited through GET requests to the summary endpoint as well as POST requests to specific Wicket interface endpoints, though the GET me [email protected] 6.1 0.26% 2025-08-27 2026-06-17
CVE-2025-50978 In Gitblit v1.7.1, a reflected cross-site scripting (XSS) vulnerability exists in the way repository path names are handled. By injecting a specially crafted path payload an attacker can cause arbitrary JavaScript to execute when a victim views the manipulated URL. This flaw stems from insufficient input sanitization of filename elements. [email protected] 6.1 0.26% 2025-08-27 2026-06-17
CVE-2022-31268 A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname). [email protected] 7.5 9.60% 2022-05-21 2026-06-17
CVE-2022-31267 Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "#admin"' value. [email protected] 9.8 17.75% 2022-05-21 2026-06-17
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence