Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2020-8981: XSS in Delete Repository page #338

Closed
dregad opened this issue Feb 13, 2020 · 1 comment
Closed

CVE-2020-8981: XSS in Delete Repository page #338

dregad opened this issue Feb 13, 2020 · 1 comment
Labels
core security
Milestone
1.6.2

Comments

@dregad
Copy link
Member

dregad commented Feb 13, 2020
edited

This is related to #286.

Steps to reproduce:

  1. Create a new repository, set repo name to <script>alert('XSS');</script>
  2. Update and go back to Manage Repository page
  3. Click on Delete Repository

CVE request 841560 pending.
@dregad dregad added this to the 1.6.2 milestone Feb 13, 2020
@dregad dregad closed this as completed in 270675c Feb 13, 2020
@dregad dregad modified the milestones: 1.6.2, 2.3.1 Feb 13, 2020
@dregad dregad changed the title XSS in Delete Repository page CVE-2020-8981: XSS in Delete Repository page Feb 13, 2020
@dregad
Copy link
Member Author

dregad commented Feb 13, 2020

CVE-2020-8981 assigned

dregad added a commit that referenced this issue Feb 13, 2020
@dregad
Update Changelog with CVE-2020-8981 (#338)
81950fc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
core security
Projects
None yet
Milestone
1.6.2
Development

No branches or pull requests
1 participant
@dregad