186 matches found

Cvelist
added 2026/06/24 8:25 p.m. | 20 views

CVE-2026-52807 Gogs: DOM-based XSS via Milestone Name on New Issue Page

Gogs is an open source self-hosted Git service. Prior to 0.14.3, in newform.tmpl, milestone names are rendered with Go's default auto-escaping .Name, which converts to etc. This prevents direct HTML injection. However, when the browser renders the DOM, the text content of the element contains the...

4.8 CVSS | 0.00483 EPSS
Exploits: 0 | References: 4
CVE
added 2026/06/24 8:25 p.m. | 10 views

CVE-2026-52807

Summary (supported by provided docs): Gogs is affected by a DOM-based XSS in the New Issue page when a milestone name contains HTML/JS payloads. The root cause involves client-side rendering: milestone names are rendered with Go’s escaping in new_form.tmpl, but Semantic UI 2.4.2 uses preserveHTML...

4.8 CVSS | 5.9 AI score | 0.00483 EPSS
Exploits: 0 | References: 4
OSV
added 2026/06/23 5:2 p.m. | 5 views

GHSA-VCM5-GVMP-78MP Gogs has DOM-based XSS via Milestone Name on New Issue Page

Summary The fix for GHSA-vgjm-2cpf-4g7c DOM-based XSS via milestone selection was only applied to templates/repo/issue/viewcontent.tmpl but not to templates/repo/issue/newform.tmpl. An attacker can store an HTML/JavaScript payload in a milestone name, and when any user opens the New Issue page an...

4.8 CVSS | 6 AI score | 0.00483 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2026/06/23 12:0 a.m. | 7 views

PT-2026-51625

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Gitea affected versions not specified Description A stored DOM-based Cross-Site Scripting XSS issue exists where an attacker can store an HTML or JavaScript payload in a milestone name. When a user opens th...

4.8 CVSS | 6 AI score | 0.00483 EPSS
Exploits: 0 | References: 10
EUVD
added 2025/11/13 3:23 a.m. | 2 views

EUVD-2025-177500

Malicious code in oberon-semantic-ui-cors-dione npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 2 views

EUVD-2025-177445

Malicious code in ophiuchus-callisto-semantic-ui-lynx npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 2 views

EUVD-2025-178613

Malicious code in halley-pm2-semantic-ui-commitlint-config-angular npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 2 views

EUVD-2025-179898

Malicious code in callback-zephyr-semantic-ui-carpo npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 3 views

EUVD-2025-179000

Malicious code in eventhoriz-perseus-semantic-ui-antares npm...

6.6 AI score
Exploits: 0
OSV
added 2025/11/13 3:23 a.m. | 1 views

MAL-2025-185984 Malicious code in callback-zephyr-semantic-ui-carpo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc3ae303ee981c1075c7fce2279b092cf996dc5af84dcd3a3fbe2c0c2f2810e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 3 views

EUVD-2025-177300

Malicious code in passport-semantic-ui-miranda-dotenv-safe npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 3 views

EUVD-2025-177076

Malicious code in prettier-oberon-unuk-semantic-ui npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 3 views

EUVD-2025-180524

Malicious code in ablation-semantic-ui-readable-xerxes npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 3 views

EUVD-2025-177605

Malicious code in nightmare-semantic-ui-init-config npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 3 views

EUVD-2025-178846

Malicious code in fornax-postgres-phoenix-semantic-ui npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 3 views

EUVD-2025-179558

Malicious code in corvus-javascript-charon-semantic-ui npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 4 views

EUVD-2025-175820

Malicious code in uninstall-semantic-ui-await-postcss npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 4 views

EUVD-2025-178784

Malicious code in gammarayburst-semantic-ui-antares-juno npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 4 views

EUVD-2025-178455

Malicious code in ignite-hermes-ophiuchus-semantic-ui npm...

6.6 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m. | 4 views

Malicious code in prettier-oberon-unuk-semantic-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1416ff5d8384ecbdb89cc7b68eabd1e69af5e47c782685dded612d683ca51e37 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0