2 matches found
CVE-2026-26276 Gogs: DOM-based XSS via milestone selection
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...
PT-2026-23488
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.2 Description Gogs, a self-hosted Git service, is affected by a DOM-Based Cross-Site Scripting XSS issue. An attacker can inject an HTML/JavaScript payload into a repository’s Milestone name. When another user selec...