CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25 matches found

SUSE CVE•added 2026/03/25 12:27 a.m.•5 views

SUSE CVE-2026-26276

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository's Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS5.8AI score0.00184EPSS

Exploits0References3

RedhatCVE•added 2026/03/06 7:45 p.m.•4 views

CVE-2026-26276

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS5.7AI score0.00184EPSS

Exploits0References1

EUVD•added 2026/03/05 8:16 p.m.•10 views

EUVD-2026-9855

Gogs: DOM-based XSS via milestone selection...

7.3CVSS5.9AI score0.00184EPSS

Exploits0References4

Github Security Blog•added 2026/03/05 8:16 p.m.•7 views

Gogs: DOM-based XSS via milestone selection

Summary It was confirmed in a test environment that an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. Impact Theft of information accessible in the victim...

7.3CVSS6AI score0.00184EPSS

Exploits0References6Affected Software1

OSV•added 2026/03/05 8:16 p.m.•6 views

GHSA-VGJM-2CPF-4G7C Gogs: DOM-based XSS via milestone selection

7.3CVSS6AI score0.00184EPSS

Exploits0References6

NVD•added 2026/03/05 7:16 p.m.•10 views

CVE-2026-26276

7.3CVSS0.00184EPSS

Exploits0References3

Vulnrichment•added 2026/03/05 6:51 p.m.•0 views

CVE-2026-26276 Gogs: DOM-based XSS via milestone selection

7.3CVSS5.7AI score0.00184EPSS

Exploits0References3

ATTACKERKB•added 2026/03/05 6:51 p.m.•4 views

CVE-2026-26276

7.3CVSS5.9AI score0.00184EPSS

Exploits0References4Affected Software1

OSV•added 2026/03/05 6:51 p.m.•4 views

CVE-2026-26276 Gogs: DOM-based XSS via milestone selection

7.3CVSS7AI score0.00184EPSS

Exploits0References5

CVE•added 2026/03/05 6:51 p.m.•14 views

CVE-2026-26276

Gogs (before 0.14.2) is vulnerable to a DOM-based XSS: an attacker can store an HTML/JavaScript payload in a repository milestone name, which is triggered when a user selects the milestone on the New Issue page. The issue is fixed in version 0.14.2. CVSSv3.1 base score 7.3 (HIGH): Network attack ...

7.3CVSS5.9AI score0.00184EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/03/05 6:51 p.m.•30 views

CVE-2026-26276 Gogs: DOM-based XSS via milestone selection

7.3CVSS0.00184EPSS

Exploits0References3

Positive Technologies•added 2026/03/05 12:0 a.m.•9 views

PT-2026-23488

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.2 Description Gogs, a self-hosted Git service, is affected by a DOM-Based Cross-Site Scripting XSS issue. An attacker can inject an HTML/JavaScript payload into a repository’s Milestone name. When another user selec...

9.9CVSS5.8AI score0.22162EPSS

Exploits68References137

RedhatCVE•added 2026/01/09 12:29 p.m.•3 views

CVE-2023-40816

OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field...

6.1CVSS6.9AI score0.00463EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2018-6513

Malware in sbrugna...

5.4CVSS5.8AI score0.0078EPSS

Exploits1References3