Gridea Cross-site Scripting

Why it can be dangerous and how to fix it

This article is a part of our Vulnerability Database (back to index)

Cross-site Scripting occurrences in Gridea

Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by child_process.exec and the "

<span>Confirmation: <script>dangerous javascript code here</script></span>

Scan Your Web App Now
Scan your application
for 14 days for free

No credit card is required. No commitment.

Sign Up Free