EPSS
Percentile
26.4%
github.com/go-gitea/gitea is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary Javascript in the user’s browser via the issuePopup function in contextpopup.js in some situations.
issuePopup
contextpopup.js
blog.gitea.io/2021/03/gitea-1.13.4-is-released/
github.com/go-gitea/gitea/commit/f1da46622e2d43870f939c46f43518728baecfd3
github.com/go-gitea/gitea/pull/14898
github.com/PandatiX/CVE-2021-28378