Cross-site Scripting (XSS) - Stored in go-gitea/gitea
CVE-2022-1928

4.4MEDIUM

Key Information:

Vendor

Go-gitea

Status
Go-gitea/gitea
Vendor
CVE Published:
29 May 2022

What is CVE-2022-1928?

Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9.

Affected Version(s)

go-gitea/gitea < 1.16.9

References

https://huntr.dev/bounties/6336ec42-5c4d-4f61-ae38-2bb539...
https://github.com/go-gitea/gitea/commit/65e0688a5c9dacad...
https://security.gentoo.org/glsa/202210-14
vendor-advisory

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2022-1928 : Cross-site Scripting (XSS) - Stored in go-gitea/gitea