Exploitation Summary
CVE-2024-6886 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gitea Gitea Open Source Git Server allows Stored XSS.This issue affects Gitea Open Source Git Server: 1.22.0.
Nuclei Templates (1)
Gitea 1.22.0 - Cross-Site Scripting
MEDIUMVERIFIEDby soonghee2
References (2)
Core 2
Core References
Various Sources
https://blog.gitea.com/release-of-1.22.1/
Issue Tracking
https://github.com/go-gitea/gitea/pull/31200
Scores
CVSS v4
10.0
EPSS
0.2824
EPSS Percentile
97.9%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-79
Status
published
Products (2)
code.gitea.io/gitea
0 - 1.22.1Go
Gitea/Gitea Open Source Git Server
1.22.0
Published
Aug 06, 2024
Tracked Since
Feb 18, 2026