gogs.io/gogs is vulnerable to cross-site scripting. The vulnerability exists in list.tmpl
because the DisplayName
is not properly sanitized which allows an attacker to inject and execute arbitrary javascript.
CPE | Name | Operator | Version |
---|---|---|---|
gogs.io/gogs | le | v0.12.8 | |
gogs.io/gogs | le | v0.12.8 |