CVE-2022-31038

Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*

History

17 Jun 2022, 19:24

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 5.4
CPE cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
References (MISC) https://github.com/gogs/gogs/commit/155cae1de8916fc3fde78f350763034b7422caee - (MISC) https://github.com/gogs/gogs/commit/155cae1de8916fc3fde78f350763034b7422caee - Patch, Third Party Advisory
References (MISC) https://github.com/gogs/gogs/pull/7009 - (MISC) https://github.com/gogs/gogs/pull/7009 - Issue Tracking, Third Party Advisory
References (CONFIRM) https://github.com/gogs/gogs/security/advisories/GHSA-xq4v-vrp9-vcf2 - (CONFIRM) https://github.com/gogs/gogs/security/advisories/GHSA-xq4v-vrp9-vcf2 - Issue Tracking, Third Party Advisory

09 Jun 2022, 17:33

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-09 17:15

Updated : 2024-02-04 22:29


NVD link : CVE-2022-31038

Mitre link : CVE-2022-31038

CVE.ORG link : CVE-2022-31038


JSON object : View

Products Affected

gogs

  • gogs
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')