Stored XSS bug in gogs/gogs
Apr 12th 2022
Stored XSS bug
Proof of Concept
Create a public repo and create an issue.
In the issue, upload an HTML file with an XSS payload inside.
When any user views the repo and clicks the attachment link, the XSS is executed.
You can also upload this file: https://github.com/ranjit-git/poc/edit/master/evilsvgfile.svg
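One way to close this class of bug on the serving side, as an added example that is not Gogs code and not part of the original report: attachments are served inline only when their sniffed content is on a small image allowlist, and everything else (HTML and SVG included) is forced to download with script-blocking headers. The names serveAttachment, headersFor and inlineSafe are hypothetical, and the sample uploads are constructed and inert.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
	"net/http/httptest"
)

// inlineSafe lists sniffed types a browser renders without running script.
// HTML and SVG are deliberately absent: both can carry script.
var inlineSafe = map[string]bool{"image/png": true, "image/jpeg": true, "image/gif": true}

// serveAttachment (hypothetical helper) writes an uploaded file so that it
// cannot execute script in the application's origin.
func serveAttachment(w http.ResponseWriter, name string, data []byte) {
	// Sniff the bytes; never trust the uploader-supplied name or MIME type.
	ctype, _, _ := mime.ParseMediaType(http.DetectContentType(data))
	h := w.Header()
	h.Set("X-Content-Type-Options", "nosniff")
	h.Set("Content-Security-Policy", "default-src 'none'; sandbox")
	if inlineSafe[ctype] {
		h.Set("Content-Type", ctype)
		h.Set("Content-Disposition", "inline")
	} else {
		// Everything else is forced to download as opaque bytes.
		cd := mime.FormatMediaType("attachment", map[string]string{"filename": name})
		if cd == "" {
			cd = "attachment"
		}
		h.Set("Content-Type", "application/octet-stream")
		h.Set("Content-Disposition", cd)
	}
	w.Write(data)
}

// headersFor runs serveAttachment against a recorder and returns the headers.
func headersFor(name string, data []byte) http.Header {
	rec := httptest.NewRecorder()
	serveAttachment(rec, name, data)
	return rec.Header()
}

func main() {
	// Constructed sample uploads: inert HTML, inert SVG, a PNG signature.
	for _, d := range []string{"<html><body>x</body></html>", `<svg xmlns="http://www.w3.org/2000/svg"/>`, "\x89PNG\r\n\x1a\n"} {
		fmt.Println(headersFor("upload.bin", []byte(d)).Get("Content-Type"))
	}
}
```

Serving user uploads from a separate origin that holds no session cookies gives a further layer of isolation on top of these headers.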