{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T11:31:35.046","vulnerabilities":[{"cve":{"id":"CVE-2025-50978","sourceIdentifier":"cve@mitre.org","published":"2025-08-27T16:15:35.633","lastModified":"2025-09-09T18:52:53.970","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Gitblit v1.7.1, a reflected cross-site scripting (XSS) vulnerability exists in the way repository path names are handled. By injecting a specially crafted path payload an attacker can cause arbitrary JavaScript to execute when a victim views the manipulated URL. This flaw stems from insufficient input sanitization of filename elements."},{"lang":"es","value":"En Gitblit v1.7.1, existe una vulnerabilidad Cross Site Scripting (XSS) reflejado en la gestión de los nombres de ruta del repositorio. Al inyectar una payload de ruta especialmente manipulada, un atacante puede provocar la ejecución de código JavaScript arbitrario cuando la víctima accede a la URL manipulada. Esta falla se debe a una depuración insuficiente de los elementos de nombre de archivo en la entrada."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitblit:gitblit:1.7.1:*:*:*:*:*:*:*","matchCriteriaId":"FC023CA4-A5B6-4E12-8FD2-2F3C785E13EC"}]}]}],"references":[{"url":"https://github.com/4rdr/proofs/blob/main/info/gitblit-v1.7.1-reflected-XSS-via-filenames.md","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]}]}}]}