CVE-2025-50977

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-50977

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-50977.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-50977

Published

2025-08-27T17:15:41.967Z

Modified

2026-04-10T05:29:18.758299Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A template injection vulnerability leading to reflected cross-site scripting (XSS) has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists in the 'r' parameter and allows attackers to inject malicious Angular expressions that execute JavaScript code in the context of the application. The flaw can be exploited through GET requests to the summary endpoint as well as POST requests to specific Wicket interface endpoints, though the GET method provides easier weaponization. This vulnerability enables authenticated administrators to execute arbitrary client-side code, potentially leading to session hijacking, data theft, or further privilege escalation attacks.

References

https://github.com/4rdr/proofs/blob/main/info/gitblit-v1.7.1-reflected-XSS-via-angularjs-expression.md

Affected packages

Git / github.com/gitblit-org/gitblit

Affected ranges

Type

GIT

Repo

https://github.com/gitblit-org/gitblit

Events

Introduced

Last affected

390909105f3323b24a7cc19ec1efe4bb099cfa76

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.7.1"
        }
    ]
}

Affected versions

v0.*

v0.5.0

v0.5.1

v0.5.2

v0.6.0

v0.7.0

v0.8.0

v0.8.1

v0.8.2

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v1.*

v1.0.0

v1.1.0

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.4.1

v1.5.0

v1.5.1

v1.7.0

v1.7.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-50977.json"