First published: Sun May 29 2022(Updated: )
Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9.
Credit: security@huntr.dev
Affected Software | Affected Version | How to fix |
---|---|---|
Gitea Gitea | <1.16.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-1928 is a vulnerability that allows an attacker to inject malicious scripts into a website that is stored in the GitHub repository go-gitea/gitea prior to version 1.16.9.
The Cross-site Scripting (XSS) vulnerability in CVE-2022-1928 allows an attacker to store and execute malicious scripts on the affected website, potentially leading to unauthorized access or data theft.
CVE-2022-1928 has a severity rating of medium with a CVSS score of 5.4.
To mitigate the Cross-site Scripting (XSS) vulnerability in CVE-2022-1928, it is recommended to update the go-gitea/gitea software to version 1.16.9 or later.
More information about CVE-2022-1928 can be found in the following references: [1] [2] [3]