2 matches found
CVE-2025-68946
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...
CVE-2025-68946
CVE-2025-68946 affects Gitea releases before 1.20.1, where a link can specify a forbidden URL scheme (e.g., javascript:) enabling XSS. The issue is fixed by upgrading to Gitea 1.20.1 or later (patch/markup module remediation noted in the linked advisories/releases). Practical impact is Cross‑Site...