5 matches found
Exploit for Cross-site Scripting in Gitea
CVE-2021-28378 Details about this CVE herehttps://www.cved...
CVE-2021-28378
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations...
CVE-2021-28378
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations...
CVE-2021-28378
CVE-2021-28378 affects Gitea 1.12.x and 1.13.x up to (but not including) 1.13.4. The issue is a client-side XSS vulnerability triggered when rendering issue/PR references that are injected in popup UI via the inline ref-issue links; insufficient escaping of fields like label.name, issue.title, an...
CVE-2021-28378
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations...