{"id":"CVE-2022-29947","details":"Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping.","aliases":["GHSA-vmp5-c5hp-6c65","GO-2022-0440"],"modified":"2026-04-10T04:47:34.072056Z","published":"2022-04-29T21:15:07.767Z","references":[{"type":"ADVISORY","url":"https://github.com/woodpecker-ci/woodpecker/releases/tag/v0.15.1"},{"type":"FIX","url":"https://github.com/woodpecker-ci/woodpecker/pull/879"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/woodpecker-ci/woodpecker","events":[{"introduced":"0"},{"fixed":"f2bf5931c283967e527254f38dee1f034075cc6a"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.15.1"}]}}],"versions":["v0.10.0","v0.11.0","v0.12.0","v0.13.0","v0.13.0-rc.1","v0.13.0-rc.2","v0.13.0-rc.3","v0.14.0","v0.14.0-rc.1","v0.14.0-rc.2","v0.15.0","v0.15.0-rc1","v0.15.0-rc2","v0.8.100","v0.8.101","v0.8.102","v0.8.103","v0.8.104","v0.8.105","v0.8.106","v0.8.91","v0.8.92","v0.8.93","v0.8.94","v0.8.95","v0.8.96","v0.8.97","v0.8.98","v0.8.99","v0.9.0","v0.9.1","v0.9.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29947.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}