{"id":"CVE-2025-32019","summary":"Harbor's repository description page allows for XSS","details":"Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS code. This is fixed in versions 2.11.3 and 2.12.3.","aliases":["BIT-harbor-2025-32019","GHSA-f9vc-vf3r-pqqq","GO-2025-3825"],"modified":"2026-04-02T12:47:07.120810Z","published":"2025-07-23T20:38:10.966Z","related":["openSUSE-SU-2025:15405-1"],"database_specific":{"cwe_ids":["CWE-79"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/32xxx/CVE-2025-32019.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/32xxx/CVE-2025-32019.json"},{"type":"ADVISORY","url":"https://github.com/goharbor/harbor/security/advisories/GHSA-f9vc-vf3r-pqqq"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32019"},{"type":"FIX","url":"https://github.com/goharbor/harbor/commit/76c2c5f7cfd9edb356cbb373889a59cc3217a058"},{"type":"FIX","url":"https://github.com/goharbor/harbor/commit/a13a16383a41a8e20f524593cb290dc52f86f088"},{"type":"FIX","url":"https://github.com/goharbor/harbor/commit/f019430872118852f83f96cac9c587b89052d1e5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/goharbor/harbor","events":[{"introduced":"0"},{"fixed":"76c2c5f7cfd9edb356cbb373889a59cc3217a058"}]},{"type":"GIT","repo":"https://github.com/goharbor/harbor","events":[{"introduced":"0"},{"fixed":"a13a16383a41a8e20f524593cb290dc52f86f088"}]},{"type":"GIT","repo":"https://github.com/goharbor/harbor","events":[{"introduced":"0"},{"fixed":"f019430872118852f83f96cac9c587b89052d1e5"}]}],"versions":["0.1.0","0.1.1","0.3.0","0.3.5","0.3.5-rc","0.4.0","0.4.0-rc","0.4.1","0.4.5","0.5.0","0.5.0-rc1","0.5.0-rc2","1.1.0-rc1","1.1.0-rc2","baseline","remote-debug-edition","src/v2.2.1","tile-1.3.0","tile-1.3.1","v1.1.0","v1.1.0-rc3","v1.1.1","v1.1.1-rc1","v1.1.1-rc2","v1.1.1-rc3","v1.1.1-rc4","v1.1.2","v1.10.0","v1.10.0-rc1","v1.10.0-rc2","v1.10.1","v1.10.1-rc1","v1.10.10","v1.10.10-rc1","v1.10.11","v1.10.11-rc1","v1.10.12","v1.10.12-rc1","v1.10.13","v1.10.13-rc1","v1.10.14","v1.10.14-rc1","v1.10.14-rc2","v1.10.15","v1.10.15-rc1","v1.10.16","v1.10.16-rc1","v1.10.17","v1.10.17-rc1","v1.10.18","v1.10.18-rc1","v1.10.18-rc2","v1.10.19","v1.10.19-rc1","v1.10.2","v1.10.2-rc1","v1.10.3","v1.10.3-rc1","v1.10.3-rc2","v1.10.4","v1.10.4-rc1","v1.10.5","v1.10.5-rc1","v1.10.6","v1.10.6-rc1","v1.10.7","v1.10.7-rc1","v1.10.8","v1.10.8-rc1","v1.10.9","v1.2.0","v1.2.0-rc1","v1.2.0-rc2","v1.2.0-rc3","v1.2.0-rc4","v1.2.0-rc5","v1.2.2","v1.3.0","v1.3.0-rc1","v1.3.0-rc2","v1.3.0-rc3","v1.3.0-rc4","v1.4.0","v1.4.0-rc1","v1.4.0-rc2","v1.4.1","v1.5.0","v1.5.0-rc1","v1.5.0-rc2","v1.5.0-rc3","v1.5.0-rc4","v1.5.0-rc5","v1.5.1","v1.5.2","v1.5.2-RC1","v1.5.3","v1.5.4","v1.6.0","v1.6.0-rc1","v1.6.0-rc2","v1.6.0-rc3","v1.6.1","v1.6.2","v1.6.3","v1.7.0","v1.7.0-rc1","v1.7.0-rc2","v1.7.1","v1.7.2","v1.7.3","v1.7.4","v1.7.5","v1.7.6","v1.7.6-rc1","v1.7.7","v1.7.7-rc1","v1.7.8","v1.7.8-rc1","v1.7.8-rc2","v1.8.0","v1.8.0-rc1","v1.8.0-rc2","v1.8.1","v1.8.2","v1.8.2-rc1","v1.8.2-rc2","v1.8.3","v1.8.3-rc1","v1.8.4","v1.8.4-rc1","v1.8.5","v1.8.5-rc1","v1.8.6","v1.8.6-rc1","v1.9.0","v1.9.0-rc1","v1.9.0-rc2","v1.9.1","v1.9.1-rc1","v1.9.2","v1.9.2-rc1","v1.9.3","v1.9.3-rc1","v1.9.4","v1.9.4-rc1","v1.9.4-rc2","v2.0.0","v2.0.0-rc1","v2.0.0-rc2","v2.0.0-rc3","v2.0.1","v2.0.1-rc1","v2.0.2","v2.0.2-rc1","v2.0.3","v2.0.3-rc1","v2.0.4","v2.0.4-rc1","v2.0.4-rc2","v2.0.5","v2.0.5-rc1","v2.0.6","v2.0.6-rc1","v2.1.0","v2.1.0-rc1","v2.1.0-rc2","v2.1.0-rc3","v2.1.0-tech-preview","v2.1.0-tech-prview","v2.1.1","v2.1.1-rc1","v2.1.2","v2.1.2-rc1","v2.1.3","v2.1.3-rc1","v2.1.3-rc2","v2.1.4","v2.1.4-rc1","v2.1.4-rc2","v2.1.5","v2.1.5-rc1","v2.1.5-rc2","v2.1.5-rc3","v2.1.6","v2.1.6-rc1","v2.10.0","v2.10.0-rc1","v2.10.0-rc2","v2.10.1","v2.10.1-rc1","v2.10.2","v2.10.2-rc1","v2.10.3","v2.10.3-rc1","v2.11.0","v2.11.0-rc1","v2.11.0-rc2","v2.11.0-rc3","v2.11.1","v2.11.1-rc1","v2.11.1-rc2","v2.11.2","v2.11.2-rc.1","v2.11.2-rc1","v2.12.0","v2.12.0-rc1","v2.12.0-rc2","v2.12.1","v2.12.1-rc1","v2.12.1-rc2","v2.12.1-rc3","v2.12.2","v2.12.2-rc1","v2.12.2-rc2","v2.12.3","v2.12.3-rc1","v2.12.3-rc2","v2.12.4","v2.12.4-rc1","v2.13.0","v2.13.0-rc1","v2.13.0-rc2","v2.13.1","v2.13.1-rc1","v2.13.1-rc2","v2.13.1-rc3","v2.13.2","v2.13.2-rc1","v2.13.3","v2.13.3-rc1","v2.13.3-rc2","v2.13.4","v2.13.4-rc1","v2.13.4-rc2","v2.13.5","v2.13.5-rc1","v2.14.0","v2.14.0-rc1","v2.14.0-rc2","v2.14.1","v2.14.1-rc1","v2.14.1-rc2","v2.14.2","v2.14.2-rc1","v2.14.2-rc2","v2.14.3","v2.14.3-rc1","v2.15.0","v2.15.0-rc1","v2.15.0-rc2","v2.15.0-rc3","v2.15.0-rc4","v2.2.0","v2.2.0-rc1","v2.2.0-rc2","v2.2.0-rc3","v2.2.0-rc4","v2.2.1","v2.2.1-rc1","v2.2.1-rc2","v2.2.2","v2.2.2-rc1","v2.2.3","v2.2.3-rc1","v2.2.4","v2.2.4-rc1","v2.3.0","v2.3.0-rc1","v2.3.0-rc2","v2.3.0-rc3","v2.3.0.-rc1","v2.3.1","v2.3.1-rc1","v2.3.2","v2.3.2-rc1","v2.3.3","v2.3.3-rc1","v2.3.4","v2.3.4-rc1","v2.3.5","v2.3.5-rc1","v2.4.0","v2.4.0-rc1","v2.4.0-rc2","v2.4.1","v2.4.1-rc1","v2.4.1-rc2","v2.4.2","v2.4.2-rc1","v2.4.3","v2.4.3-rc1","v2.5.0","v2.5.0-rc1","v2.5.0-rc2","v2.5.0-rc3","v2.5.0-rc4","v2.5.1","v2.5.1-rc1","v2.5.2","v2.5.2-rc1","v2.5.3","v2.5.3-rc1","v2.5.4","v2.5.4-rc1","v2.5.5","v2.5.5-rc1","v2.5.6","v2.5.6-rc1","v2.6.0","v2.6.0-rc1","v2.6.0-rc2","v2.6.0-rc3","v2.6.1","v2.6.1-rc1","v2.6.2","v2.6.2-rc1","v2.6.2-rc2","v2.6.3","v2.6.3-rc1","v2.6.4","v2.6.4-rc1","v2.7.0","v2.7.0-rc1","v2.7.0-rc2","v2.7.1","v2.7.1-rc1","v2.7.2","v2.7.2-rc1","v2.7.3","v2.7.3-rc1","v2.7.4","v2.7.4-rc1","v2.8.0","v2.8.0-rc1","v2.8.0-rc2","v2.8.1","v2.8.1-rc1","v2.8.2","v2.8.2-rc1","v2.8.3","v2.8.3-rc1","v2.8.4","v2.8.4-rc1","v2.8.5","v2.8.5-rc1","v2.8.6","v2.8.6-rc1","v2.9.0","v2.9.0-rc1","v2.9.0-rc2","v2.9.0-rc3","v2.9.1","v2.9.1-rc1","v2.9.2","v2.9.2-rc1","v2.9.3","v2.9.3-rc1","v2.9.3-rc2","v2.9.4","v2.9.4-rc1","v2.9.5","v2.9.5-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32019.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N"}]}