Fluid Attacks Database

Description

Cross-site Scripting in Gitea Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/go-gitea/gitea	>=0 <1.5.1	1.5.1

Aliases

1. CVE-2021-453292. NVD-2021-453293. OSV-2021-453294. GCVE-2021-45329

References

1. https://github.com/go-gitea/gitea/pull/47102. https://blog.gitea.io/2018/09/gitea-1.5.1-is-released