CVE-2025-50977

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-50977
A template injection vulnerability leading to reflected cross-site scripting (XSS) has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists in the 'r' parameter and allows attackers to inject malicious Angular expressions that execute JavaScript code in the context of the application. The flaw can be exploited through GET requests to the summary endpoint as well as POST requests to specific Wicket interface endpoints, though the GET method provides easier weaponization. This vulnerability enables authenticated administrators to execute arbitrary client-side code, potentially leading to session hijacking, data theft, or further privilege escalation attacks.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/4rdr/proofs/blob/main/info/gitblit-v1.7.1-reflected-XSS-via-angularjs-expression.md Exploit Third Party Advisory
https://github.com/4rdr/proofs/blob/main/info/gitblit-v1.7.1-reflected-XSS-via-angularjs-expression.md Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gitblit:gitblit:1.7.1:*:*:*:*:*:*:*
History

09 Sep 2025, 18:45

Type Values Removed Values Added
References () https://github.com/4rdr/proofs/blob/main/info/gitblit-v1.7.1-reflected-XSS-via-angularjs-expression.md - () https://github.com/4rdr/proofs/blob/main/info/gitblit-v1.7.1-reflected-XSS-via-angularjs-expression.md - Exploit, Third Party Advisory
First Time Gitblit
Gitblit gitblit
CPE cpe:2.3:a:gitblit:gitblit:1.7.1:*:*:*:*:*:*:*

28 Aug 2025, 15:16

Type Values Removed Values Added
Summary
  • (es) Se ha identificado una vulnerabilidad de inyección de plantillas que provoca Cross Site Scripting (XSS) reflejado en la versión 1.7.1, que requiere acceso de administrador autenticado para su explotación. La vulnerabilidad se encuentra en el parámetro 'r' y permite a los atacantes inyectar expresiones maliciosas de Angular que ejecutan código JavaScript en el contexto de la aplicación. La falla puede explotarse mediante solicitudes GET al endpoint de resumen, así como mediante solicitudes POST a endpoints específicos de la interfaz Wicket, aunque el método GET facilita su uso como arma. Esta vulnerabilidad permite a los administradores autenticados ejecutar código arbitrario del lado del cliente, lo que podría provocar secuestro de sesiones, robo de datos o nuevos ataques de escalada de privilegios.
References () https://github.com/4rdr/proofs/blob/main/info/gitblit-v1.7.1-reflected-XSS-via-angularjs-expression.md - () https://github.com/4rdr/proofs/blob/main/info/gitblit-v1.7.1-reflected-XSS-via-angularjs-expression.md -
CWE CWE-79
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.1

27 Aug 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-27 17:15

Updated : 2025-09-09 18:45

NVD link : CVE-2025-50977

Mitre link : CVE-2025-50977

CVE.ORG link : CVE-2025-50977

JSON object : View

Products Affected

gitblit

  • gitblit
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')