ID CVE-2018-17031
Summary In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header is not sent.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
refmap via4
misc https://github.com/gogs/gogs/issues/5397
Last major update 13-09-2018 - 22:29
Published 13-09-2018 - 22:29
Last modified 13-09-2018 - 22:29
Back to Top