2038 matches found
GHSA-VGVF-M4FW-938J Gogs: Stored XSS in branch and wiki views through author and committer names
Summary Stored XSS is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data URLs. Details safe still turns off escaping: - internal/template/template.go - func saferaw string template.HTML return template.HTMLraw Branch pages...
CVE-2026-27723
OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...
CVE-2026-26195
Gogs prior to v0.14.2 is affected by a stored XSS due to unsafe template rendering that mixes user input with a permissive sanitizer for data URLs. The issue enables stored cross-site scripting via data URLs and has been patched in v0.14.2. CVSS v4.0 base metrics indicate a MEDIUM severity (6.9) ...
CVE-2026-26195 Gogs: Stored XSS in branch and wiki views through author and committer names
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored xss is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data urls. This issue has been patched in version 0.14.2...
CVE-2026-26195 Gogs: Stored XSS in branch and wiki views through author and committer names
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored xss is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data urls. This issue has been patched in version 0.14.2...
CVE-2026-26195 Gogs: Stored XSS in branch and wiki views through author and committer names
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored xss is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data urls. This issue has been patched in version 0.14.2...
CVE-2026-27723 OpenProject: Insufficient access control leads to create Wiki objects belongs unpermitted projects
OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...
CVE-2026-27723
OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...
CVE-2026-27723
OpenProject CVE-2026-27723 involves insufficient access control that allows creating wiki pages for unpermitted projects via an improperly authenticated request. Affected versions are before 17.0.5 and 17.1.2; these releases fix the issue by addressing the access control hole. The CVSS 3.1 vector...
EUVD-2026-9846
OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...
CVE-2026-27723 OpenProject: Insufficient access control leads to create Wiki objects belongs unpermitted projects
OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...
CVE-2026-27723 OpenProject: Insufficient access control leads to create Wiki objects belongs unpermitted projects
OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...
OpenProject 访问控制错误漏洞
OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.0.5 and 17.1.2 had a access control vulnerability. This vulnerability stemmed from improper authentication requests, which could lead to the creation of wiki pages for unauthorized projects...
PT-2026-23480
OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...
SUSE CVE-2026-24135
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, a path traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository's wiki to delete arbitrary files on the server by manipulatin...
GO-2026-4452 Gogs vulnerable to arbitrary file deletion via Path Traversal in wiki page update in gogs.io/gogs
Gogs vulnerable to arbitrary file deletion via Path Traversal in wiki page update in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GitLab 18.4 < 18.4.6 / 18.5 < 18.5.4 / 18.6 < 18.6.2 (CVE-2025-12716)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that, under certain conditions could have allowed an...
GitLab 17.1 < 18.6.4 / 18.7 < 18.7.2 / 18.8 < 18.8.2 (CVE-2025-13335)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that under certain circumstances could have allowed an...
Docmost 安全漏洞
Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost prior to 0.25.0 contained security vulnerabilities, which were caused by insufficient HTML escape sequences, potentially leading to stored-xss attacks...
CVE-2026-24135
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, a path traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository's wiki to delete arbitrary files on the server by manipulatin...