CVE-2022-1464 Information

Description

Stored XSS bug in GitHub repository gogs/gogs prior to 0.12.7. Because the repository is public, any user can view the report, and when the attachment is opened the XSS payload is executed. This bug allows arbitrary JavaScript code to be executed in the victim's account.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

https://github.com/gogs/gogs/commit/bc77440b301ac8780698be91dff1ac33b7cee850
https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.4

Base Severity

MEDIUM (CVSS v3.1 rating for a 5.4 base score)
