3 matches found
CVE-2022-1464
CVE-2022-1464 concerns a stored XSS in Gogs (Go Git Service) prior to version 0.12.7. The vulnerability arises when users upload or view report attachments in a public repository; opening an attachment can execute arbitrary JavaScript in the victim’s account. Public notes indicate the issue is tr...
CVE-2022-1464 Stored xss bug in gogs/gogs
Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account...
FreeBSD : gogs -- XSS in issue attachments (647ac600-cc70-11ec-9cfc-10c37b4ac2ea)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 647ac600-cc70-11ec-9cfc-10c37b4ac2ea advisory. - The gogs project reports: Repository issues page allows HTML attachments with arbitrary JS code...