XSS in Github Enterprise Server
CVE-2026-10585
A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Disc…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Github Enterprise Server — versions 3.17.0, 3.18.0, 3.19.0