CVE-2019-1010261

Name of the Vulnerable Software and Affected Versions: Gitea versions 1.7.0 and earlier

Description: The issue allows an attacker to execute arbitrary JavaScript in a victim's browser through a Cross Site Scripting (XSS) attack. This is achieved by having the victim open a specifically crafted URL, exploiting the go-get URL generation component.

Recommendations: For Gitea versions 1.7.0 and earlier, update to version 1.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted URLs to minimize the risk of exploitation.