Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-104265. PoCs published by Mikail KOCADAĞ.
AI-analyzed exploit summary The exploit demonstrates an HTML injection vulnerability in Gitea 1.24.0 via the 'description' parameter in the user settings page. The provided HTTP request shows how unsanitized HTML input is rendered, confirming the vulnerability.
Description
Gitea 1.24.0 - HTML Injection
Exploits (1)
exploitdb
WORKING POC
by Mikail KOCADAĞ · textwebappsmultiple
https://www.exploit-db.com/exploits/52087
The exploit demonstrates an HTML injection vulnerability in Gitea 1.24.0 via the 'description' parameter in the user settings page. The provided HTTP request shows how unsanitized HTML input is rendered, confirming the vulnerability.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Gitea 1.24.0
Auth required
Prerequisites:
Authenticated user session · Access to user settings page
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026