CVE-2022-1928
published 2022-05-29CVE-2022-1928: Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9.
PriorityP424medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.75%
50.3th percentile
Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| code.gitea.io | gitea | >= 0 < 1.16.9 | 1.16.9 |
| gitea | gitea | < 1.16.9 | 1.16.9 |
| go-gitea | go-gitea_gitea | >= unspecified < 1.16.9 | 1.16.9 |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvdv3.04.4MEDIUMCVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Stored Cross-site Scripting in gitea in code.gitea.io/gitea
osv·2024-08-21
CVE-2022-1928 Stored Cross-site Scripting in gitea in code.gitea.io/gitea
Stored Cross-site Scripting in gitea in code.gitea.io/gitea
Stored Cross-site Scripting in gitea in code.gitea.io/gitea
OSV
Stored Cross-site Scripting in gitea
osv·2022-05-30
CVE-2022-1928 [MEDIUM] Stored Cross-site Scripting in gitea
Stored Cross-site Scripting in gitea
Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9 via unfiltered pdfs
GHSA
Stored Cross-site Scripting in gitea
ghsa·2022-05-30
CVE-2022-1928 [MEDIUM] CWE-79 Stored Cross-site Scripting in gitea
Stored Cross-site Scripting in gitea
Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9 via unfiltered pdfs
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/go-gitea/gitea/commit/65e0688a5c9dacad50e71024b7529fdf0e3c2e9chttps://huntr.dev/bounties/6336ec42-5c4d-4f61-ae38-2bb539f433d2https://security.gentoo.org/glsa/202210-14https://github.com/go-gitea/gitea/commit/65e0688a5c9dacad50e71024b7529fdf0e3c2e9chttps://huntr.dev/bounties/6336ec42-5c4d-4f61-ae38-2bb539f433d2https://security.gentoo.org/glsa/202210-14
2022-05-29
Published