CVE-2019-1010314

Name of the Vulnerable Software and Affected Versions: Gitea versions 1.7.2 through 1.7.3

Description: The issue allows an attacker to execute JavaScript in a victim's browser when the vulnerable repository page is loaded. The component affected is the repository's description. The attack vector involves the victim navigating to a public and affected repository page.

Recommendations: For Gitea versions 1.7.2 and 1.7.3, consider restricting access to the repository's description field until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.