Re: Cgit XSS "vulnerability" has no CVE?

["Jason A. Donenfeld" <Jason () zx2c4 com>]

On Sat, Mar 5, 2016 at 6:41 PM, Peter Bex <peter () more-magic net> wrote:
> This allows for an XSS attack by anyone with write access: If you can
> push to a git repository for which the "txt2html" converter is activate,
> you can create a README or README.txt and insert arbitrary HTML.

The XSS situation in those release notes does not cover what you've
described here. You're conflating two separate things.