Critical severity · GHSA Advisory · Published Aug 6, 2024 · Updated Apr 15, 2026
CVE-2024-6886
Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gitea Gitea Open Source Git Server allows Stored XSS. This issue affects Gitea Open Source Git Server: 1.22.0.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| code.gitea.io/gitea (Go) | < 1.22.1 | 1.22.1 |
Affected products (4)
- osv-coords: 3 versions (< 0, + 2 more)
- (no CPE), range: < 0
- (no CPE), range: < 0
- (no CPE), range: < 1.22.1
References (7)
- github.com/advisories/GHSA-4h4p-553m-46qh (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-6886 (ghsa, ADVISORY)
- blog.gitea.com/release-of-1.22.1 (ghsa, WEB)
- github.com/go-gitea/gitea/commit/b6280f4d21309cfae7cc07f74173354c664d5e10 (ghsa, WEB)
- github.com/go-gitea/gitea/pull/31200 (nvd, WEB)
- pkg.go.dev/vuln/GO-2024-3056 (ghsa, WEB)
- blog.gitea.com/release-of-1.22.1/ (nvd)