Loading
Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.
Use CWE-79, Gitea vendor hub and Gitea product page to widen CVE-2025-68942 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-20912, CVE-2026-20897 and CVE-2026-20750 for nearby disclosures in the same product family.