Lucene search
K

186 matches found

CVE
CVE
added 2026/06/24 8:25 p.m.14 views

CVE-2026-52807

Summary (supported by provided docs): Gogs is affected by a DOM-based XSS in the New Issue page when a milestone name contains HTML/JS payloads. The root cause involves client-side rendering: milestone names are rendered with Go’s escaping in new_form.tmpl, but Semantic UI 2.4.2 uses preserveHTML...

4.8CVSS5.9AI score0.00483EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 8:25 p.m.27 views

CVE-2026-52807 Gogs: DOM-based XSS via Milestone Name on New Issue Page

Gogs is an open source self-hosted Git service. Prior to 0.14.3, in newform.tmpl, milestone names are rendered with Go's default auto-escaping .Name, which converts to etc. This prevents direct HTML injection. However, when the browser renders the DOM, the text content of the element contains the...

4.8CVSS0.00483EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 5:2 p.m.6 views

GHSA-VCM5-GVMP-78MP Gogs has DOM-based XSS via Milestone Name on New Issue Page

Summary The fix for GHSA-vgjm-2cpf-4g7c DOM-based XSS via milestone selection was only applied to templates/repo/issue/viewcontent.tmpl but not to templates/repo/issue/newform.tmpl. An attacker can store an HTML/JavaScript payload in a milestone name, and when any user opens the New Issue page an...

4.8CVSS6AI score0.00483EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.17 views

PT-2026-51625

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Gitea affected versions not specified Description A stored DOM-based Cross-Site Scripting XSS issue exists where an attacker can store an HTML or JavaScript payload in a milestone name. When a user opens th...

4.8CVSS6AI score0.00483EPSS
Exploits0References10
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-178613

Malicious code in halley-pm2-semantic-ui-commitlint-config-angular npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in dotenv-semantic-ui-fusion-hexo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 584061c298f10964689f1ef6b99e08687def32aa09801e3a0bd33abfa06b5ba3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.4 views

EUVD-2025-177300

Malicious code in passport-semantic-ui-miranda-dotenv-safe npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.5 views

EUVD-2025-177605

Malicious code in nightmare-semantic-ui-init-config npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.6 views

EUVD-2025-176117

Malicious code in superflare-xenon-semantic-ui-fermiparadox npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-177445

Malicious code in ophiuchus-callisto-semantic-ui-lynx npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.4 views

EUVD-2025-179000

Malicious code in eventhoriz-perseus-semantic-ui-antares npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-177500

Malicious code in oberon-semantic-ui-cors-dione npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.5 views

Malicious code in prettier-oberon-unuk-semantic-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1416ff5d8384ecbdb89cc7b68eabd1e69af5e47c782685dded612d683ca51e37 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.11 views

EUVD-2025-175425

Malicious code in zenobia-grus-readable-semantic-ui npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.5 views

EUVD-2025-175820

Malicious code in uninstall-semantic-ui-await-postcss npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-180524

Malicious code in ablation-semantic-ui-readable-xerxes npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-178846

Malicious code in fornax-postgres-phoenix-semantic-ui npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.6 views

EUVD-2025-178784

Malicious code in gammarayburst-semantic-ui-antares-juno npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in transform-semantic-ui-eleventy-phoebe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ffc4d6e7b72b0aaa2abde280bb586981de8ed65cc2174a163599fb04f6fa777 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in corvus-javascript-charon-semantic-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b3ec6da952c946bcdb511cd68067f74a208ceba883ec29ce8802e9ca8e1554b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Rows per page
Query Builder