Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-06-09
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.
CVSS Score
10.0
EPSS Score
0.163
Published
2022-06-09
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
CVSS Score
10.0
EPSS Score
0.016
Published
2022-06-09
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
CVSS Score
8.1
EPSS Score
0.006
Published
2022-06-09
Page 2