CVE-2022-32174: XSS
First published: Tue Oct 11 2022(Updated: )
In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.
Credit: vulnerabilitylab@mend.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gogs Gogs | >=0.6.5<=0.12.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-32174?
CVE-2022-32174 is a vulnerability in Gogs versions v0.6.5 through v0.12.10 that allows for Stored Cross-Site Scripting (XSS) attacks leading to an account takeover.
How severe is CVE-2022-32174?
CVE-2022-32174 has a severity rating of critical with a score of 9 out of 10.
How does CVE-2022-32174 affect Gogs?
CVE-2022-32174 affects Gogs versions v0.6.5 through v0.12.10 and allows for Stored Cross-Site Scripting (XSS) attacks that can result in an account takeover.
Is there a fix for CVE-2022-32174?
Yes, users should upgrade their Gogs installation to a version beyond v0.12.10 to mitigate the vulnerability.
What is the CWE number for CVE-2022-32174?
The CWE number for CVE-2022-32174 is CWE-79, which refers to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
- collector/nvd-index
- vendor/gogs
- canonical/gogs gogs
- version/gogs gogs/0.6.5
- version/gogs gogs/0.12.10