CVE-2025-68946
A flaw was found in Gitea. A remote attacker could exploit this vulnerability by injecting a forbidden URL scheme, such as javascript:, into a link. This could lead to Cross-Site Scripting XSS, allowing the attacker to execute arbitrary code in the user's browser or disclose sensitive information...