Cross Site Scripting (XSS) vulnerability exists in Gitea prior to 1.5.1 via the repository settings inside the external wiki/issue tracker URL field.
gitea gitea