CVE-2022-32174
published 2022-10-11CVE-2022-32174: In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.
PriorityP358critical9CVSS 3.1
AVNACLPRLUIRSCCHIHAH
EPSS
58.02%
99.0th percentile
In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gogs.io | gogs | 0.6.5 – 0.12.10 | — |
| gogs.io | gogs | >= 0.6.5 | — |
| gogs | gogs | 0.6.5 – 0.12.10 | — |
| gogs | gogs | unspecified – v0.12.10 | — |
| gogs | gogs | >= v0.6.5 < unspecified | unspecified |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Gogs vulnerable to Cross-site Scripting in gogs.io/gogs
osv·2024-08-21
CVE-2022-32174 Gogs vulnerable to Cross-site Scripting in gogs.io/gogs
Gogs vulnerable to Cross-site Scripting in gogs.io/gogs
Gogs vulnerable to Cross-site Scripting in gogs.io/gogs
GHSA
Gogs vulnerable to Cross-site Scripting
ghsa·2022-10-11
CVE-2022-32174 [CRITICAL] CWE-79 Gogs vulnerable to Cross-site Scripting
Gogs vulnerable to Cross-site Scripting
In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.
OSV
Gogs vulnerable to Cross-site Scripting
osv·2022-10-11
CVE-2022-32174 [CRITICAL] Gogs vulnerable to Cross-site Scripting
Gogs vulnerable to Cross-site Scripting
In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-10-11
Published