Stored XSS bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public, any user can view the report, and when the attachment is opened the XSS is executed. This bug allows any JavaScript code to be executed in the victim's account.
CPE

Name | Operator | Version |
---|---|---|
go/gogs.io/gogs | lt | 0.12.7 |