CVE-2014-8683

Name of the Vulnerable Software and Affected Versions Gogs versions 0.3.1-9 through 0.5.x before 0.5.8

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the text parameter to the "api/v1/markdown" API endpoint.

Recommendations For versions 0.3.1-9 through 0.5.x before 0.5.8, update to version 0.5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the "api/v1/markdown" API endpoint to minimize the risk of exploitation. Avoid using the text parameter in the affected API endpoint until the issue is resolved.