CVE-2022-32174

Name
CVE-2022-32174
Description
In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/gogs/gogs/blob/v0.12.10/public/js/gogs.js#L263
MISC https://www.mend.io/vulnerability-database/CVE-2022-32174

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:* gogs >= 0.6.5 <= 0.12.10

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
gogs edge-community 0.13.0-r0 None fixed
gogs edge-community 0.12.9-r0 None possibly vulnerable
gogs edge-community 0.12.7-r0 None possibly vulnerable
gogs edge-community 0.12.6-r0 None possibly vulnerable
gogs 3.20-community 0.13.0-r0 None fixed
gogs 3.19-community 0.13.0-r0 None fixed
gogs 3.18-community 0.13.0-r0 None fixed
gogs 3.17-community 0.12.10-r6 None possibly vulnerable