Moderate severityNVD Advisory· Published May 5, 2022· Updated Aug 3, 2024
Stored xss bug in gogs/gogs
CVE-2022-1464
Description
Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account .
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gogs.io/gogsGo | < 0.12.7 | 0.12.7 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-ff28-f46g-r9g8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-1464ghsaADVISORY
- github.com/gogs/gogs/commit/bc77440b301ac8780698be91dff1ac33b7cee850ghsax_refsource_MISCWEB
- github.com/gogs/gogs/security/advisories/GHSA-ff28-f46g-r9g8ghsaWEB
- huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198dghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.