CVE-2022-1464

Опубликовано: 05 мая 2022

Источник: nvd

CVSS3: 7.3

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account .

Ссылки

https://github.com/gogs/gogs/commit/bc77440b301ac8780698be91dff1ac33b7cee850
Patch
Third Party Advisory
https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d
Exploit
Third Party Advisory
https://github.com/gogs/gogs/commit/bc77440b301ac8780698be91dff1ac33b7cee850
Patch
Third Party Advisory
https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*

Версия до 0.12.7 (исключая)

EPSS

Процентиль: 43%

0.0021

Низкий

7.3 High

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-ff28-f46g-r9g8

CVSS3: 5.4

github

больше 3 лет назад

Cross-site Scripting in Gogs

EPSS

Процентиль: 43%

0.0021

Низкий

7.3 High

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79