GHSA-9CPJ-QC93-VW8V Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer
Summary

Me again. Gitea's built-in 3D file viewer, powered by Online3DViewer, is vulnerable to stored cross-site scripting (XSS) through crafted .gltf files. When a glTF file declares an unsupported required extension, Online3DViewer generates an error message containing the extension name and Gitea...
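
A defensive check for the field this advisory names, added here as an example and not taken from Gitea or Online3DViewer: it flags `extensionsRequired` entries that are not plain extension names and escapes a name before it goes into an error message. The name pattern, the function names and the sample file are assumptions made for the example.

```javascript
// Added example; not Gitea or Online3DViewer code.
// Assumption: a plain extension name is a vendor prefix, an underscore,
// then a name (for example KHR_materials_unlit).
const EXTENSION_NAME = /^[A-Za-z0-9]+_[A-Za-z0-9_]+$/;
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape a value so it can only ever be displayed as text in an HTML page.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Return the extensionsRequired entries that are not plain extension names.
// A file that is not valid JSON is reported through parseError instead.
function findMalformedRequiredExtensions(gltfText) {
  let doc;
  try {
    doc = JSON.parse(gltfText);
  } catch (err) {
    return { parseError: true, malformed: [] };
  }
  const list = doc !== null && typeof doc === 'object' ? doc.extensionsRequired : undefined;
  if (list === undefined) return { parseError: false, malformed: [] };
  // The field must be an array of strings; anything else is flagged whole.
  if (!Array.isArray(list)) return { parseError: false, malformed: [list] };
  const malformed = list.filter(
    (name) => typeof name !== 'string' || !EXTENSION_NAME.test(name)
  );
  return { parseError: false, malformed };
}

// Build the error line for an unsupported extension with the name escaped,
// so the file's content cannot introduce markup into the page.
function renderUnsupportedExtensionError(name) {
  return 'Unsupported extension: ' + escapeHtml(name);
}

// Constructed sample: one well-formed name and one entry carrying benign markup.
const SAMPLE_GLTF = JSON.stringify({
  asset: { version: '2.0' },
  extensionsRequired: ['KHR_materials_unlit', '<b>not_an_extension</b>'],
});

const report = findMalformedRequiredExtensions(SAMPLE_GLTF);
for (const name of report.malformed) {
  console.log(renderUnsupportedExtensionError(name));
}
```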