Gitea Open Source Git Server Stored XSS Vulnerability
CVE-2024-6886

Currently unrated

Key Information:

Vendor: Gitea
Status: Gitea Open Source Git Server
Vendor: CVE Published:; 6 August 2024

What is CVE-2024-6886?

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gitea Gitea Open Source Git Server allows Stored XSS.This issue affects Gitea Open Source Git Server: 1.22.0.

Affected Version(s)

Gitea Open Source Git Server 1.22.0

References

https://github.com/go-gitea/gitea/pull/31200

https://blog.gitea.com/release-of-1.22.1/

EPSS Score

12% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2024
Vulnerability Reserved
Jul 18, 2024

Credit

Catalin Iovita (https://github.com/catalin-iovita)

Alexandru Postolache (https://github.com/alex-postolache)

JSON