SecBoard

CVE-2026-28737

HIGH (8.7)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Risk Signal Score: 27/100 (MEDIUM)
  • CVSS 8.7 (High)

EPSS Score

0%

Exploit probability (30 days)

CVSS Score

8.7

Technical severity

Description

Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer.

GitHub Advisories

GHSA-9cpj-qc93-vw8v HIGH

Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer

go/code.gitea.io/gitea 1.26.0
GitHub Advisory

References