BIT-harbor-2025-32019
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/harbor/BIT-harbor-2025-32019.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-harbor-2025-32019
- Aliases
- Published
- 2025-07-29T05:40:29.320Z
- Modified
- 2026-03-20T10:00:15.058089Z
- Summary
- Harbor's repository description page allows for XSS
- Details
-
Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0 and 2.13.0, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS code. This is fixed in versions 2.11.3 and 2.12.3.
- Database specific
{ "severity": "Medium", "cpes": [ "cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:go:*:*" ] }- References
-
- https://github.com/goharbor/harbor/commit/76c2c5f7cfd9edb356cbb373889a59cc3217a058
- https://github.com/goharbor/harbor/commit/a13a16383a41a8e20f524593cb290dc52f86f088
- https://github.com/goharbor/harbor/commit/f019430872118852f83f96cac9c587b89052d1e5
- https://github.com/goharbor/harbor/security/advisories/GHSA-f9vc-vf3r-pqqq
- https://nvd.nist.gov/vuln/detail/CVE-2025-32019
Affected packages
Bitnami / harbor
Package
- Name
- harbor
- Purl
- pkg:bitnami/harbor
Severity
- 4.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N CVSS Calculator