Gitea 1.22.0 Cross Site Scripting
Gitea version 1.22.0 suffers from a cross site scripting vulnerability.
# Exploit Title: Stored XSS in Gitea
# Date: 27/08/2024
# Exploit Authors: Catalin Iovita & Alexandru Postolache
# Vendor Homepage: (https://github.com/go-gitea/gitea)
# Version: 1.22.0
# Tested on: Linux 5.15.0-107, Go 1.23.0
# CVE: CVE-2024-6886

## Vulnerability Description
Gitea 1.22.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session.

## Steps to Reproduce
1. Log in to the application.
2. Create a new repository or modify an existing repository by clicking the Settings button from the `$username/$repo_name/settings` endpoint.
3. In the Description field, input the following payload: `<a href=javascript:alert()>XSS test</a>`
4. Save the changes.
5. Upon clicking the repository description, the payload was successfully injected in the Description field. By clicking on the message, an alert box will appear, indicating the execution of the injected script.
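The class of fix for a `javascript:` link in a stored description is a scheme allowlist applied to every `href` before the anchor is rendered. The Go sketch below is an added example, not Gitea's code or its actual patch; the function names and the allowlist (`http`, `https`, `mailto`) are assumptions chosen for illustration.

```go
package main

import (
	"fmt"
	"html"
	"net/url"
	"strings"
)

// Assumed allowlist for links in user-supplied text; adjust to local policy.
var allowedSchemes = map[string]bool{"http": true, "https": true, "mailto": true}

// normalizeHref applies the steps a browser performs before it reads the
// scheme: decode character references, strip leading/trailing C0 controls
// and spaces, and drop tab/LF/CR anywhere in the value.
func normalizeHref(raw string) string {
	s := strings.TrimFunc(html.UnescapeString(raw), func(r rune) bool { return r <= 0x20 })
	return strings.Map(func(r rune) rune {
		if r == '\t' || r == '\n' || r == '\r' {
			return -1
		}
		return r
	}, s)
}

// IsSafeHref reports whether a raw href attribute value is a relative
// reference or uses an allowlisted scheme. Parse errors fail closed.
func IsSafeHref(raw string) bool {
	u, err := url.Parse(normalizeHref(raw))
	if err != nil {
		return false
	}
	return u.Scheme == "" || allowedSchemes[u.Scheme] // Parse lowercases Scheme
}

// RenderLink emits an anchor only for safe targets; otherwise it keeps the
// visible text and drops the link.
func RenderLink(rawHref, text string) string {
	if !IsSafeHref(rawHref) {
		return html.EscapeString(text)
	}
	return fmt.Sprintf(`<a href="%s" rel="nofollow">%s</a>`,
		html.EscapeString(normalizeHref(rawHref)), html.EscapeString(text))
}

func main() {
	// Constructed inputs: the description payload from the steps above, then a normal link.
	fmt.Println(RenderLink("javascript:alert()", "XSS test"))
	fmt.Println(RenderLink("https://github.com/go-gitea/gitea", "Gitea"))
}
```

The check runs on the normalized value and the same normalized value is what gets emitted, so the string that was validated is the string the browser receives.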
Related news
GHSA-4h4p-553m-46qh: Gitea Cross-site Scripting Vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gitea Gitea Open Source Git Server allows Stored XSS. This issue affects Gitea Open Source Git Server: 1.22.0.