CVE-2026-26276
CVE-2026-26276
7.3
HighPublished:
Last updated:
Source:security-advisories@github.com
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- Required
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- None
Description
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page (/issues/new), a DOM-Based XSS is triggered. This issue has been patched in version 0.14.2.
References
security-advisories@github.com
https://github.com/gogs/gogs/pull/8178security-advisories@github.com
https://github.com/gogs/gogs/releases/tag/v0.14.2security-advisories@github.com
https://github.com/gogs/gogs/security/advisories/GHSA-vgjm-2cpf-4g7c