Stored Cross-site Scripting (XSS)

github.com/go-gitea/gitea is vulnerable to stored cross-site scripting XSS. It does not escape the description in DescriptionHTML function, allowing the attacker to inject malicious HTML through it...