CVE-2021-28378 — Cross-site Scripting in Gitea

Severity

5.4MEDIUMNVD

EPSS

12.9%

top 5.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMar 15

Latest updateAug 21

Description

Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

▶NVDgitea/gitea1.13.0 — 1.13.4+1

OSV

Cross-site Scripting in Gitea in code.gitea.io/gitea↗2024-08-21

▶

GHSA

Cross-site Scripting in Gitea↗2021-09-27

▶

OSV

Cross-site Scripting in Gitea↗2021-09-27

▶