Gitee Exploits

5 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-3691 GITEE LOW javascript
Layui < 2.8.0 - XSS
A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.8.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-234237 was assigned to this vulnerability.
by sentsim
16,635 stars
CVSS 3.5
CVE-2023-3691 GITEE LOW javascript
Layui < 2.8.0 - XSS
A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.8.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-234237 was assigned to this vulnerability.
by sentsim
16,635 stars
CVSS 3.5
CVE-2023-1001 GITEE LOW javascript
NPM Vxe-table < 3.7.10 - XSS
A vulnerability, which was classified as problematic, has been found in xuliangzhan vxe-table up to 3.7.9. This issue affects the function export of the file packages/textarea/src/textarea.js of the component vxe-textarea. The manipulation of the argument inputValue leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.7.10 is able to address this issue. The patch is named d70b0e089740b65a22c89c106ebc4627ac48a22d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-266123.
by xuliangzhan
24 stars
CVSS 3.5
CVE-2023-1001 GITEE LOW javascript
NPM Vxe-table < 3.7.10 - XSS
A vulnerability, which was classified as problematic, has been found in xuliangzhan vxe-table up to 3.7.9. This issue affects the function export of the file packages/textarea/src/textarea.js of the component vxe-textarea. The manipulation of the argument inputValue leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.7.10 is able to address this issue. The patch is named d70b0e089740b65a22c89c106ebc4627ac48a22d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-266123.
by xuliangzhan
24 stars
CVSS 3.5
CVE-2024-5829 GITEE LOW javascript
smallweigit Avue <3.4.4 - XSS
A vulnerability classified as problematic was found in smallweigit Avue up to 3.4.4. Affected by this vulnerability is an unknown functionality of the component avueUeditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-267895. NOTE: The code maintainer explains, that "rich text is no longer maintained".
by smallweigit
5,381 stars
CVSS 3.5
By Source
All 5 Exploitdb 50,123 Writeup 46,574 Nomisec 21,104 Metasploit 3,189 Github 2,206 Vulncheck_xdb 900 Inthewild 518 Gitlab 438 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,721 c 3,549 perl 2,854 html 2,051 php 1,332 bash 459 java 359 javascript 256 c++ 245 shell 67 go 41 postscript 25 xml 24