CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1928 – Cross-site Scripting (XSS) - Stored in go-gitea/gitea
https://notcve.org/view.php?id=CVE-2022-1928
Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub go-gitea/gitea versiones anteriores a 1.16.9 • https://github.com/go-gitea/gitea/commit/65e0688a5c9dacad50e71024b7529fdf0e3c2e9c https://huntr.dev/bounties/6336ec42-5c4d-4f61-ae38-2bb539f433d2 https://security.gentoo.org/glsa/202210-14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 74%CPEs: 1EXPL: 4CVE-2022-30781 – Gitea 1.16.6 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2022-30781
Gitea before 1.16.7 does not escape git fetch remote. Gitea versiones anteriores a 1.16.7, no escapa de git fetch remote • https://www.exploit-db.com/exploits/51009 https://github.com/wuhan005/CVE-2022-30781 http://packetstormsecurity.com/files/168400/Gitea-1.16.6-Remote-Code-Execution.html http://packetstormsecurity.com/files/169928/Gitea-Git-Fetch-Remote-Code-Execution.html https://blog.gitea.io/2022/05/gitea-1.16.7-is-released https://github.com/go-gitea/gitea/pull/19487 https://github.com/go-gitea/gitea/pull/19490 https://tttang.com/archive/1607 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1058 – Open Redirect on login in go-gitea/gitea
https://notcve.org/view.php?id=CVE-2022-1058
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5. Un Redireccionamiento Abierto en el inicio de sesión en el repositorio de GitHub go-gitea/gitea versiones anteriores a 1.16.5 • https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48 https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29134
https://notcve.org/view.php?id=CVE-2021-29134
The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL. El middleware de avatar en Gitea versiones anteriores a 1.13.6, permite un Salto de Directorio por medio de una URL diseñada • https://github.com/go-gitea/gitea/pull/15125/files https://github.com/go-gitea/gitea/releases/tag/v1.13.6 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0905 – Missing Authorization in go-gitea/gitea
https://notcve.org/view.php?id=CVE-2022-0905
Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4. Una Autorización Inapropiada en el repositorio de GitHub go-gitea/gitea versiones anteriores a 1.16.4 • https://github.com/go-gitea/gitea/commit/1314f38b59748397b3429fb9bc9f9d6bac85d2f2 https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb • CWE-862: Missing Authorization •