VDB

GCVE-110-NCSC-2026-219

GCVE-110-NCSC-2026-219
Advisory PublishedCVSS 5.4/10
Vulnetix · Advisory published July 3, 2026
A stored cross-site scripting vulnerability in GitHub Enterprise Server prior to version 3.21 allowed authenticated users to execute arbitrary JavaScript via malicious payloads in Discussion titles, fixed in versions 3.16 to 3.20.

Weaknesses (CWE)

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-451User Interface (UI) Misrepresentation of Critical InformationCWE-862Missing Authorization

Risk Scores

CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
GitHubvers:unknown/*
Microsoftvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,866 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›