Sign in Get started

← All advisories

Moderate severityOSV Advisory· Published Dec 26, 2025· Updated Dec 26, 2025

CVE-2025-68942

CVE-2025-68942

Description

Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
code.gitea.io/giteaGo	< 1.22.2	1.22.2

Affected products

1

Go Gitea/GiteaOSV
Range: v0.9.99, v1.0.0, v1.1.0, …

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

github.com/advisories/GHSA-898p-hh3p-hf9rghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-68942ghsaADVISORY
blog.gitea.com/release-of-1.22.2ghsaWEB
github.com/go-gitea/gitea/pull/31966ghsaWEB
github.com/go-gitea/gitea/releases/tag/v1.22.2ghsaWEB
blog.gitea.com/release-of-1.22.2/mitre

News mentions

0

No linked articles in our index yet.