Lucene search
@huntrdevCVELIST:CVE-2022-1464HistoryMay 05, 2022 - 1:45 p.m.
CVE-2022-1464 Stored xss bug in gogs/gogs
2022-05-0513:45:12
CWE-79
@huntrdev
www.cve.org
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
0.001 Low
EPSS
Percentile
24.1%
Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account .
CNA Affected
[
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
freebsd
freebsd
gogs -- XSS in issue attachments
2022-04-12 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2022-05-06 08:40:04
github
github
Cross-site Scripting in Gogs
2022-05-24 20:48:14
huntr
huntr
Stored xss bug
2022-04-12 07:07:18
gitlab
gitlab
openvas
openvas
Gogs < 0.12.7 XSS Vulnerability
2022-05-09 00:00:00
nessus
nessus
alpinelinux
alpinelinux
CVE-2022-1464
2022-05-05 14:15:08
osv
osv
Cross-site Scripting in Gogs
2022-05-24 20:48:14
CVE-2022-1464
2022-05-05 14:15:08
prion
prion
Design/Logic Flaw
2022-05-05 14:15:00
nvd
nvd
CVE-2022-1464
2022-05-05 14:15:08
cve
cve
CVE-2022-1464
2022-05-05 14:15:08
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
0.001 Low
EPSS
Percentile
24.1%
Related for CVELIST:CVE-2022-1464