CVE-2026-26276
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page (/issues/new), a DOM-Based XSS is triggered. This issue has been patched in version 0.14.2.
Vendor
Product
CWE
Yayın Tarihi
2026-03-05 19:16:04
Güncelleme
2026-03-05 22:00:00
Source Identifier
security-advisories@github.com
KEV Date Added
-