Hello Josh, Steve, vendors,
an cross-site scripting (XSS) flaw was found in the way cgit, a fast
web interface for Git, displayed the file name in the rename hint. A
remote attacker could provide a specially-crafted web page, which once
visited by an authenticated Cgit user, with push access to the
repository, would lead to arbitrary web script or HTML code execution.
Could you allocate a CVE id for this?
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team