CVE-2022-32174
published 2022-10-11

CVE-2022-32174: In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.

Priority: P3 58
Severity: critical, 9 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS: 58.02% (99.0th percentile)

Affected

5 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gogs.io | gogs | 0.6.5 – 0.12.10 | |
| gogs.io | gogs | >= 0.6.5 | |
| gogs | gogs | 0.6.5 – 0.12.10 | |
| gogs | gogs | unspecified – v0.12.10 | |
| gogs | gogs | >= v0.6.5 < unspecified | unspecified |