CVE-2022-1928: XSS
First published: Sun May 29 2022(Updated: )
Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9.
Credit: security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gitea Gitea | <1.16.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-1928?
CVE-2022-1928 is a vulnerability that allows an attacker to inject malicious scripts into a website that is stored in the GitHub repository go-gitea/gitea prior to version 1.16.9.
How does the Cross-site Scripting (XSS) vulnerability in CVE-2022-1928 work?
The Cross-site Scripting (XSS) vulnerability in CVE-2022-1928 allows an attacker to store and execute malicious scripts on the affected website, potentially leading to unauthorized access or data theft.
What is the severity of CVE-2022-1928?
CVE-2022-1928 has a severity rating of medium with a CVSS score of 5.4.
How can I mitigate the Cross-site Scripting (XSS) vulnerability in CVE-2022-1928?
To mitigate the Cross-site Scripting (XSS) vulnerability in CVE-2022-1928, it is recommended to update the go-gitea/gitea software to version 1.16.9 or later.
Where can I find more information about CVE-2022-1928?
More information about CVE-2022-1928 can be found in the following references: [1] [2] [3]
- collector/nvd-index
- vendor/gitea
- canonical/gitea gitea