Stored cross-site scripting vulnerability in GitHub Enterprise Server allowed arbitrary JavaScript execution via crafted Discussion titles in the Q&A category_CVE-2026-10585
A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discussion in the Q&A category. The Answer...