CVE-2025-32019: Harbor's repository description page allows for XSS

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-32019

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Harbor's repository description page allows for XSS

Source: NVD (National Vulnerability Database)

Vulnerability Description

Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS code. This is fixed in versions 2.11.3 and 2.12.3.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Harbor 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Harbor是Harbor开源的一个开源注册表。通过策略和基于角色的访问控制来保护工件，确保图像被扫描并且没有漏洞，并将图像签名为可信的。 Harbor 2.11.2及之前版本、2.12.0-rc1版本和2.13.0-rc1版本存在跨站脚本漏洞，该漏洞源于信息标签页中的markdown字段可被利用注入XSS代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
goharbor	harbor	>= 2.12.0-rc1, < 2.12.4-rc1	-

II. Public POCs for CVE-2025-32019

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-32019

Please Login to view more intelligence information

https://github.com/goharbor/harbor/security/advisories/GHSA-f9vc-vf3r-pqqqx_refsource_CONFIRM
https://github.com/goharbor/harbor/commit/f019430872118852f83f96cac9c587b89052d1e5x_refsource_MISC
https://github.com/goharbor/harbor/commit/a13a16383a41a8e20f524593cb290dc52f86f088x_refsource_MISC
https://github.com/goharbor/harbor/commit/76c2c5f7cfd9edb356cbb373889a59cc3217a058x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2025-32019

New Vulnerabilities

Product: harbor

Same weakness: CWE-79

V. Comments for CVE-2025-32019

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2025-32019

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-32019

III. Intelligence Information for CVE-2025-32019

New Vulnerabilities

V. Comments for CVE-2025-32019

Leave a comment