VDB
GCVE-110-NCSC-2026-219
GCVE-110-NCSC-2026-219
Advisory PublishedCVSS 5.4/10
A stored cross-site scripting vulnerability in GitHub Enterprise Server prior to version 3.21 allowed authenticated users to execute arbitrary JavaScript via malicious payloads in Discussion titles, fixed in versions 3.16 to 3.20.
Weaknesses (CWE)
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-451User Interface (UI) Misrepresentation of Critical InformationCWE-862Missing Authorization
Risk Scores
CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| GitHub | vers:unknown/* | — | — |
| Microsoft | vers:unknown/* | — | — |
Browse GCVE Records
73,866 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.