Medium severity5.4NVD Advisory· Published Jun 9, 2022· Updated Jun 17, 2026
CVE-2022-31038
CVE-2022-31038
Description
Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 DisplayName does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes DisplayName prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gogs.io/gogsGo | < 0.12.9 | 0.12.9 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/gogs/gogs/commit/155cae1de8916fc3fde78f350763034b7422caeenvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-xq4v-vrp9-vcf2ghsaADVISORY
- github.com/gogs/gogs/pull/7009nvdIssue TrackingThird Party AdvisoryWEB
- github.com/gogs/gogs/security/advisories/GHSA-xq4v-vrp9-vcf2nvdIssue TrackingThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2022-31038ghsaADVISORY
- github.com/gogs/gogs/releases/tag/v0.12.9ghsaWEB
News mentions
0No linked articles in our index yet.