CVE-2025-47943: Gogs XSS allowed by stored call in PDF renderer
A stored XSS vulnerability is present in Gogs, which allows client-side JavaScript code execution.
References
- github.com/advisories/GHSA-xh32-cx6c-cp4v
- github.com/gogs/gogs
- github.com/gogs/gogs/commit/110117b2e5e5baa4809c819bec701e929d2d8d40
- github.com/gogs/gogs/releases/tag/v0.13.3
- github.com/gogs/gogs/security/advisories/GHSA-xh32-cx6c-cp4v
- nvd.nist.gov/vuln/detail/CVE-2025-47943
- www.hacktivesecurity.com/blog/2025/07/15/cve-2025-47943-stored-xss-in-gogs-via-pdf