CVE-2022-1464: Stored xss bug in gogs/gogs
First published: Thu May 05 2022(Updated: )
Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account .
Credit: security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gogs Gogs | <0.12.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this bug?
The vulnerability ID for this bug is CVE-2022-1464.
What is the title of this vulnerability?
The title of this vulnerability is 'Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7.'
What is the severity rating of CVE-2022-1464?
The severity rating of CVE-2022-1464 is high, with a value of 5.4.
How does this vulnerability allow execution of arbitrary JavaScript code?
This vulnerability allows execution of arbitrary JavaScript code when a user opens an attachment in the vulnerable GitHub repository gogs/gogs.
How can I fix this vulnerability?
To fix this vulnerability, update your gogs/gogs repository to version 0.12.7 or above.
- collector/nvd-index
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/author
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/tags
- agent/description
- vendor/gogs
- canonical/gogs gogs