logo

Database

Server side cross-site scripting In gogs.io/gogs

Description

Gogs: DOM-based XSS via milestone selection

Summary

It was confirmed in a test environment that an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page (/issues/new), a DOM-Based XSS is triggered.

Impact

    Theft of information accessible in the victim’s session.

    Extraction of CSRF tokens and submission of state-changing requests with the victim’s privileges.

    Repository operations performed with the victim’s privileges (Issue operations, settings changes, etc.).

(The impact scope depends on the victim’s permission level.)

Remediation

A fix is available at https://github.com/gogs/gogs/releases/tag/v0.14.2

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2026-262762. NVD-2026-262763. OSV-2026-262764. GHSA-vgjm-2cpf-4g7c5. GCVE-2026-26276

References

1. https://github.com/gogs/gogs/security/advisories/GHSA-vgjm-2cpf-4g7c2. https://github.com/gogs/gogs/pull/81783. https://github.com/gogs/gogs/commit/9001a68cdda7bd9c078ffd6d1c4622905ac11e5c4. https://github.com/gogs/gogs/releases/tag/v0.14.2

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.