2 matches found
CVE-2026-25242
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...
PT-2022-13907 · Gogs · Gogs
Name of the Vulnerable Software and Affected Versions: gogs/gogs versions prior to 0.12.7 Description: The issue is a stored XSS bug in the gogs/gogs GitHub repository. This bug allows the execution of any JavaScript code in a victim's account. The vulnerability is triggered when a user opens an...