CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

38 matches found

CVE-2026-52807

Summary (supported by provided docs): Gogs is affected by a DOM-based XSS in the New Issue page when a milestone name contains HTML/JS payloads. The root cause involves client-side rendering: milestone names are rendered with Go’s escaping in new_form.tmpl, but Semantic UI 2.4.2 uses preserveHTML...

4.8CVSS5.9AI score

Exploits0References4

OSV•added yesterday•4 views

GHSA-VCM5-GVMP-78MP Gogs has DOM-based XSS via Milestone Name on New Issue Page

Summary The fix for GHSA-vgjm-2cpf-4g7c DOM-based XSS via milestone selection was only applied to templates/repo/issue/viewcontent.tmpl but not to templates/repo/issue/newform.tmpl. An attacker can store an HTML/JavaScript payload in a milestone name, and when any user opens the New Issue page an...

4.8CVSS6AI score

Exploits0References5

Github Security Blog•added yesterday•7 views

Gogs has DOM-based XSS via Milestone Name on New Issue Page

4.8CVSS6AI score

Exploits0References5Affected Software1

Positive Technologies•added yesterday•4 views

PT-2026-51625

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Gitea affected versions not specified Description A stored DOM-based Cross-Site Scripting XSS issue exists where an attacker can store an HTML or JavaScript payload in a milestone name. When a user opens th...

4.8CVSS6AI score

Exploits0References8

RedhatCVE•added 2026/06/05 7:26 p.m.•7 views

CVE-2026-39960

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a textarea custom field's contents in the Update Issue page, bugupdatepage.php allowing an attacker to inject HTML and, if CSP settings permit, execute...

5.4CVSS5.7AI score0.0023EPSS

Exploits0References1

RedhatCVE•added 2026/05/28 2:15 p.m.•11 views

CVE-2026-47715

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it to belong to the issue in the URL. This is a project-boundary authorization issue: a...

3.1CVSS5.8AI score0.00154EPSS

Exploits0References1

NVD•added 2026/05/20 10:16 p.m.•13 views

CVE-2026-39960

5.4CVSS0.0023EPSS

Exploits0References2

EUVD•added 2026/05/20 9:11 p.m.•11 views

EUVD-2026-31192

5.4CVSS6AI score0.0023EPSS

Exploits0References2

ATTACKERKB•added 2026/05/20 9:11 p.m.•4 views

CVE-2026-39960

5.4CVSS6AI score0.0023EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/05/20 9:11 p.m.•27 views

CVE-2026-39960 MantisBT is Vulnerable to Stored XSS through Custom Field Textarea Values

5.4CVSS0.0023EPSS

Exploits0References2

CVE•added 2026/05/20 9:11 p.m.•18 views

CVE-2026-39960

MantisBT (versions ≤ 2.28.1) is vulnerable to Stored XSS via improper escaping of a textarea custom field on the Update Issue page (bug_update_page.php). The flaw allows an attacker, authenticated with bug report permission, to inject HTML and potentially execute JavaScript when the page loads, e...

5.4CVSS6AI score0.0023EPSS

Exploits0References2

Github Security Blog•added 2026/05/11 7:34 p.m.•9 views

MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values

Improper escaping of a textarea custom field's contents in the Update Issue page bugupdatepage.php allows an attacker to inject HTML and, if CSP settings permit, execute arbitrary JavaScript when the page is loaded. Impact Session theft leading to admin account takeover, full project data access....

5.4CVSS6.8AI score0.0023EPSS

Exploits0References5Affected Software1

OSV•added 2026/05/11 7:34 p.m.•6 views

GHSA-QJ6W-V29Q-4RGX MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values

5.4CVSS6.1AI score0.0023EPSS

Exploits0References5

Positive Technologies•added 2026/05/11 12:0 a.m.•13 views

PT-2026-39880

Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions prior to 2.28.2 Description Flawed logic in the Update Issue page 'bug update page.php' causes improper escaping of textarea custom field contents. This allows an authenticated user with low-privilege bug...

5.4CVSS6.2AI score0.0023EPSS

Exploits0References6

SUSE CVE•added 2026/03/25 12:27 a.m.•5 views

SUSE CVE-2026-26276

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository's Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS5.8AI score0.00184EPSS

Exploits0References3

RedhatCVE•added 2026/03/06 7:45 p.m.•4 views

CVE-2026-26276

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS5.7AI score0.00184EPSS

Exploits0References1

Github Security Blog•added 2026/03/05 8:16 p.m.•7 views

Gogs: DOM-based XSS via milestone selection

Summary It was confirmed in a test environment that an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. Impact Theft of information accessible in the victim...

7.3CVSS6AI score0.00184EPSS

Exploits0References6Affected Software1

OSV•added 2026/03/05 8:16 p.m.•6 views

GHSA-VGJM-2CPF-4G7C Gogs: DOM-based XSS via milestone selection

7.3CVSS6AI score0.00184EPSS

Exploits0References6

NVD•added 2026/03/05 7:16 p.m.•10 views

CVE-2026-26276

7.3CVSS0.00184EPSS

Exploits0References3