Stored xss bug in gogs/gogs
CVE-2022-1464

5.4MEDIUM

Key Information:

Vendor: gogs
Status: gogs/gogs
Vendor: CVE Published:; 5 May 2022

What is CVE-2022-1464?

Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account .

Affected Version(s)

gogs/gogs < 0.12.7

References

https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae0...

x_refsource_CONFIRM

https://github.com/gogs/gogs/commit/bc77440b301ac8780698b...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 5, 2022
Vulnerability Reserved
Apr 25, 2022