GHSA-26GQ-GRMH-6XM6 Gogs vulnerable to Stored XSS via Mermaid diagrams
Summary Stored XSS via mermaid diagrams due to usage of vulnerable renderer library Details Gogs introduced support for rendering mermaid diagrams in version 0.13.0. Currently used version of the library mermaid 11.9.0 is vulnerable to at least two XSS scenarios with publicly available payloads...