0.001 Low
EPSS
Percentile
24.1%
github.com/gogs/gogs is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the runWeb function of web.go, allowing an attacker to inject and execute malicious javascript.
runWeb
web.go
github.com/gogs/gogs/commit/bc77440b301ac8780698be91dff1ac33b7cee850
github.com/gogs/gogs/pull/6926
huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d
huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d/