
Lafriks

Rank: #27773 of 53,622
Total CVSS: 9.1
Vulnerabilities: 2 (Low: 1, Medium: 1)
PT-2023-25169
3.0
2023-07-05
Gitea · Gitea · CVE-2023-3515
**Name of the Vulnerable Software and Affected Versions**
Gitea versions prior to 1.19.4

**Description**
The issue is an Open Redirect vulnerability in the GitHub repository go-gitea/gitea. This vulnerability is most likely a post-auth redirect and is a POST-based request scenario, making it less likely to be exploited or chained with other bugs for phishing or credential theft.

**Recommendations**
For versions prior to 1.19.4, update to version 1.19.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable redirect functionality until a patch is applied.
PT-2019-11534
6.1
2019-02-01
Gitea · Gitea · CVE-2019-1010261
Name of the Vulnerable Software and Affected Versions: Gitea versions 1.7.0 and earlier

Description: The issue allows an attacker to execute arbitrary JavaScript in a victim's browser through a Cross-Site Scripting (XSS) attack. This is achieved by having the victim open a specially crafted URL, exploiting the go-get URL generation component.

Recommendations: For Gitea versions 1.7.0 and earlier, update to version 1.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted URLs to minimize the risk of exploitation.