Lucene search
K

6 matches found

NVD
NVD
added 2026/06/24 9:16 p.m.9 views

CVE-2026-52807

Gogs is an open source self-hosted Git service. Prior to 0.14.3, in newform.tmpl, milestone names are rendered with Go's default auto-escaping .Name, which converts to etc. This prevents direct HTML injection. However, when the browser renders the DOM, the text content of the element contains the...

4.8CVSS0.00483EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 8:25 p.m.27 views

CVE-2026-52807 Gogs: DOM-based XSS via Milestone Name on New Issue Page

Gogs is an open source self-hosted Git service. Prior to 0.14.3, in newform.tmpl, milestone names are rendered with Go's default auto-escaping .Name, which converts to etc. This prevents direct HTML injection. However, when the browser renders the DOM, the text content of the element contains the...

4.8CVSS0.00483EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:25 p.m.6 views

CVE-2026-52807

Gogs is an open source self-hosted Git service. Prior to 0.14.3, in newform.tmpl, milestone names are rendered with Go's default auto-escaping .Name, which converts to etc. This prevents direct HTML injection. However, when the browser renders the DOM, the text content of the element contains the...

4.8CVSS5.9AI score0.00483EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/03/05 9:13 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the milestone selection. An attacker can execute arbitrary JavaScript code in the context of another user's browser by storing a crafted HTML or JavaScript payload in a repository's milestone name, which is...

8.7CVSS5.7AI score0.00184EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.20 views

Gogs 跨站脚本漏洞

Gogs Go Git Service is a self-service Git hosting service developed by the Gogs team using the Go language. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Prior to version 0.14.2, Gogs had a cross-site scripting...

7.3CVSS7.1AI score0.00184EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.5 views

PT-2026-1508

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.20 GitHub Enterprise Server versions 3.14.20 GitHub Enterprise Server versions 3.15.15 GitHub Enterprise Server versions 3.16.11 GitHub Enterprise Server versions 3.17.8 GitHub Enterprise Server...

8.4CVSS6.1AI score0.00182EPSS
Exploits0References9
Rows per page
Query Builder