Author: Robert

Gitea is an open-source self-hosted Git service. In versions prior to 1.25.5, the `dump-repo` CLI command is vulnerable to a path traversal attack allowing arbitrary file writes with attacker-controlled content.

Taiga is an open-source project management tool. In taiga-front versions up to 6.9.0, the `textToHTML` function insufficiently sanitizes user-controlled input, allowing injection of JavaScript event attributes via permitted HTML tags. This can be exploited to steal session tokens from local storage. The issue has been fixed in version 6.9.1.