
Gogs < 0.12.7 XSS Vulnerability CVE-2022-1464

Severity: CVSSv3 score 5.4
Vulnerability description

Gogs is prone to a cross-site scripting (XSS) vulnerability.

Risk description

An attacker is able to upload an HTML file containing an XSS payload to a repository. When any user views the repository and clicks the attachment link, the XSS is executed. If the repository is public, any user can view the report, and when they open the attachment the XSS is executed. This bug allows the execution of arbitrary JavaScript code in the victim's account.
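The root cause is that an uploaded attachment is served in a way that lets the browser render it as a page on the application's own origin. The defensive pattern below is an added example, not Gogs's code or its actual fix: attachments are returned as a forced download with an inert content type, sniffing disabled, and a script-blocking CSP, so an uploaded `.html` file never executes in the viewer's session. The in-memory `attachments` map and the `/attachments/` path are constructed for the example.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
	"net/http/httptest"
	"path"
)

// Constructed stand-in for a repository's attachment store (hypothetical, not Gogs's).
var attachments = map[string][]byte{
	"report.html": []byte("<html><body><script>/* would run if rendered inline */</script></body></html>"),
	"notes.txt":   []byte("plain notes"),
}

// serveAttachment returns the stored bytes without letting the browser
// interpret them as an HTML document from this origin.
func serveAttachment(w http.ResponseWriter, r *http.Request) {
	name := path.Base(r.URL.Path)
	data, ok := attachments[name]
	if !ok {
		http.NotFound(w, r)
		return
	}
	// Force a download: the user agent saves the file instead of rendering it.
	w.Header().Set("Content-Disposition",
		mime.FormatMediaType("attachment", map[string]string{"filename": name}))
	// Declare an inert type and forbid MIME sniffing, so a .html upload is
	// never promoted to text/html by the browser.
	w.Header().Set("Content-Type", "application/octet-stream")
	w.Header().Set("X-Content-Type-Options", "nosniff")
	// Defence in depth: even if a client still renders the bytes, no script
	// may execute and the document is sandboxed into an opaque origin.
	w.Header().Set("Content-Security-Policy", "default-src 'none'; sandbox")
	w.WriteHeader(http.StatusOK)
	w.Write(data)
}

func main() {
	// Exercise the handler offline and show the headers a client would receive.
	rec := httptest.NewRecorder()
	serveAttachment(rec, httptest.NewRequest("GET", "/attachments/report.html", nil))
	fmt.Println(rec.Code, rec.Header())
}
```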

Recommendation

Update to version 0.12.7 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: May 5, 2022
Detection added at
Software Type: Not available
Vendor: Not available
Product: Not available