Lucene search
K

29 matches found

CVE
CVE
added 2026/06/24 8:25 p.m.14 views

CVE-2026-52807

Summary (supported by provided docs): Gogs is affected by a DOM-based XSS in the New Issue page when a milestone name contains HTML/JS payloads. The root cause involves client-side rendering: milestone names are rendered with Go’s escaping in new_form.tmpl, but Semantic UI 2.4.2 uses preserveHTML...

4.8CVSS5.9AI score0.00483EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/23 5:2 p.m.9 views

Gogs has DOM-based XSS via Milestone Name on New Issue Page

Summary The fix for GHSA-vgjm-2cpf-4g7c DOM-based XSS via milestone selection was only applied to templates/repo/issue/viewcontent.tmpl but not to templates/repo/issue/newform.tmpl. An attacker can store an HTML/JavaScript payload in a milestone name, and when any user opens the New Issue page an...

4.8CVSS6AI score0.00483EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/23 5:2 p.m.6 views

GHSA-VCM5-GVMP-78MP Gogs has DOM-based XSS via Milestone Name on New Issue Page

Summary The fix for GHSA-vgjm-2cpf-4g7c DOM-based XSS via milestone selection was only applied to templates/repo/issue/viewcontent.tmpl but not to templates/repo/issue/newform.tmpl. An attacker can store an HTML/JavaScript payload in a milestone name, and when any user opens the New Issue page an...

4.8CVSS6AI score0.00483EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.17 views

PT-2026-51625

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Gitea affected versions not specified Description A stored DOM-based Cross-Site Scripting XSS issue exists where an attacker can store an HTML or JavaScript payload in a milestone name. When a user opens th...

4.8CVSS6AI score0.00483EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/03/25 12:27 a.m.6 views

SUSE CVE-2026-26276

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository's Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS5.8AI score0.00184EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.5 views

CVE-2026-26276

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS5.7AI score0.00184EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/05 8:16 p.m.12 views

EUVD-2026-9855

Gogs: DOM-based XSS via milestone selection...

7.3CVSS5.9AI score0.00184EPSS
Exploits0References4
OSV
OSV
added 2026/03/05 8:16 p.m.8 views

GHSA-VGJM-2CPF-4G7C Gogs: DOM-based XSS via milestone selection

Summary It was confirmed in a test environment that an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. Impact Theft of information accessible in the victim...

7.3CVSS6AI score0.00184EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/05 8:16 p.m.8 views

Gogs: DOM-based XSS via milestone selection

Summary It was confirmed in a test environment that an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. Impact Theft of information accessible in the victim...

7.3CVSS6AI score0.00184EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/03/05 7:16 p.m.12 views

CVE-2026-26276

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS0.00184EPSS
Exploits0References3
CVE
CVE
added 2026/03/05 6:51 p.m.30 views

CVE-2026-26276

Gogs (before 0.14.2) is vulnerable to a DOM-based XSS: an attacker can store an HTML/JavaScript payload in a repository milestone name, which is triggered when a user selects the milestone on the New Issue page. The issue is fixed in version 0.14.2. CVSSv3.1 base score 7.3 (HIGH): Network attack ...

7.3CVSS5.9AI score0.00184EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/05 6:51 p.m.0 views

CVE-2026-26276 Gogs: DOM-based XSS via milestone selection

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS5.7AI score0.00184EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/05 6:51 p.m.4 views

CVE-2026-26276

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS5.9AI score0.00184EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/05 6:51 p.m.35 views

CVE-2026-26276 Gogs: DOM-based XSS via milestone selection

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS0.00184EPSS
Exploits0References3
OSV
OSV
added 2026/03/05 6:51 p.m.8 views

CVE-2026-26276 Gogs: DOM-based XSS via milestone selection

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS7AI score0.00184EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.18 views

PT-2026-23488

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.2 Description Gogs, a self-hosted Git service, is affected by a DOM-Based Cross-Site Scripting XSS issue. An attacker can inject an HTML/JavaScript payload into a repository’s Milestone name. When another user selec...

9.9CVSS5.8AI score0.22162EPSS
Exploits70References137
RedhatCVE
RedhatCVE
added 2026/01/09 12:29 p.m.5 views

CVE-2023-40816

OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field...

6.1CVSS6.9AI score0.00463EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-6513

Malware in sbrugna...

5.4CVSS5.8AI score0.0078EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-3017

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00463EPSS
Exploits1References3
OSV
OSV
added 2023/11/18 6:30 a.m.18 views

GHSA-QJMX-Q5M4-XQF5 Cross-site Scripting in OpenCRX

OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field...

6.1CVSS6.3AI score0.00463EPSS
Exploits1References2
Rows per page
Query Builder