CVE-2022-32174Cross-site Scripting in Gogs

CWE-79Cross-site Scripting4 documents3 sources
Severity
9.0CRITICALNVD
EPSS
2.8%
top 13.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GogsGogs.io Gogs
Timeline
PublishedOct 11
Latest updateAug 21

Description

In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages3 packages

CVEListV5gogs/gogsv0.6.5unspecified+1
NVDgogs/gogs0.6.50.12.10
Gogogs.io/gogs0.6.50.12.10+1

🔴Vulnerability Details

3
OSV
Gogs vulnerable to Cross-site Scripting in gogs.io/gogs2024-08-21
GHSA
Gogs vulnerable to Cross-site Scripting2022-10-11
OSV
Gogs vulnerable to Cross-site Scripting2022-10-11