Find real vulnerabilities before they ship
Vulnerability Database › go › CVE-2025-68946
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS.
Base Score