FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gogs -- XSS in issue attachments

Affected packages
gogs < 0.12.7

Details

VuXML ID: 647ac600-cc70-11ec-9cfc-10c37b4ac2ea
Discovery: 2022-04-12
Entry: 2022-05-05

The gogs project reports:

Repository issues page allows HTML attachments with arbitrary JS code.

References

CVE Name: CVE-2022-1464
URL: https://github.com/gogs/gogs/issues/6919
URL: https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d/