CVE-2025-68946

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.20.1

Description A flaw exists in Gitea that allows the use of a forbidden URL scheme, such as javascript:, within a link, which can lead to cross-site scripting (XSS).

Recommendations Update Gitea to version 1.20.1 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BIT-GITEA-2025-68946

CVE-2025-68946

GHSA-HQ57-C72X-4774

GO-2025-4265

SUSE-SU-2026:0037-1

Affected Products

Gitea

CVE-2025-68946

Weakness Enumeration

Related Identifiers

Affected Products

References · 90