QwikSec

Security Database

CVE

CWE

Training

CVE-2025-32019

Published: Jul 23, 2025

Modified: Jul 23, 2025

PUBLISHED

CVSS v3.1

4.1

MEDIUM

Description

Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS code. This is fixed in versions 2.11.3 and 2.12.3.

Vendor	Product	Versions
goharbor	harbor	affected `>= 2.12.0-rc1, < 2.12.4-rc1` affected `>= 2.13.0-rc1, < 2.13.1-rc1` affected `<= 2.4.0-rc1.1, < 2.11.3`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

References

https://github.com/goharbor/harbor/security/advisories/GHSA-f9vc-vf3r-pqqq

x_refsource_CONFIRM

https://github.com/goharbor/harbor/commit/76c2c5f7cfd9edb356cbb373889a59cc3217a058

x_refsource_MISC

https://github.com/goharbor/harbor/commit/a13a16383a41a8e20f524593cb290dc52f86f088

x_refsource_MISC

https://github.com/goharbor/harbor/commit/f019430872118852f83f96cac9c587b89052d1e5

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.