CVE-2025-68946

Publication date

2025-12-26 04:14:03

Family

mitre

State

PUBLISHED

Description

In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS.