CVE-2026-26276
EUVD-2026-985505.03.2026, 19:16
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page (/issues/new), a DOM-Based XSS is triggered. This issue has been patched in version 0.14.2.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gogs | gogs | 𝑥 < 0.14.2 |
𝑥
= Vulnerable software versions