EPSS: 0.005 (Low), percentile: 75.6%
Gogs is vulnerable to cross-site scripting (XSS). A remote attacker can execute malicious JavaScript by supplying an XSS payload in the full name parameter, which allows the attacker to gain admin privileges and take over the account.
github.com/gogs/gogs/blob/v0.12.10/public/js/gogs.js#L263
www.mend.io/vulnerability-database/CVE-2022-32174