CVE-2025-3246

High CVSS: 8.6

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used `$$..$$` math blocks. Exploitation required access to the target GitHub Enterprise Server instance and privileged user interaction with the malicious elements. This vulnerability affected version 3.16.1 of GitHub Enterprise Server and was fixed in version 3.16.2. This vulnerability was reported via the GitHub Bug Bounty program.

Vendor

Github

Product

Enterprise Server

CWE

CWE-79

Yayın Tarihi

2025-04-17 23:15:42

Güncelleme

2025-09-05 15:00:02

Source Identifier

product-cna@github.com

KEV Date Added

Kategoriler

CWE-79 Enterprise Server HIGH Github 2025

Referanslar

https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.2

Benzer Kayıtlar

Medium

CVE-2026-3582

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user w…

High

CVE-2026-2266

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cros…

High

CVE-2026-3854

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an…

Medium

CVE-2026-3306

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access…

High

CVE-2026-1999

A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an authentica…

Medium

CVE-2026-1355

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unau…