2 matches found
CVE-2022-1928 Cross-site Scripting (XSS) - Stored in go-gitea/gitea
Cross-site Scripting XSS - Stored in GitHub repository go-gitea/gitea prior to 1.16.9...
CVE-2022-1928
CVE-2022-1928 affects go-gitea/gitea up to version 1.16.9, with stored Cross-site Scripting in user-facing content. The vulnerability is caused by unfiltered/pdf content handling that allows attacker-supplied data to be stored and later rendered in a web page, enabling XSS. Multiple connected sou...