Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-898p-hh3p-hf9r: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text

Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.

ghsa
Open in Source
#xss#git#intel

Skip to content

Navigation Menu

    • AI CODE CREATION

      • GitHub CopilotWrite better code with AI

      • GitHub SparkBuild and deploy intelligent apps

      • GitHub ModelsManage and compare prompts

      • MCP RegistryNewIntegrate external tools

View all features
  • Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2025-68942

Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text

Moderate severity GitHub Reviewed Published Dec 26, 2025 to the GitHub Advisory Database • Updated Dec 26, 2025

Package

gomod code.gitea.io/gitea (Go)

Affected versions

< 1.22.2

Description

Published to the GitHub Advisory Database

Dec 26, 2025

Last updated

Dec 26, 2025

EPSS score

ghsa: Latest News

GHSA-rcfx-77hg-w2wv: FastMCP updated to MCP 1.23+ due to CVE-2025-66416
ghsa