CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1464 – Stored xss bug in gogs/gogs
https://notcve.org/view.php?id=CVE-2022-1464
Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account . Un bug de tipo xss almacenado en el repositorio de GitHub gogs/gogs versiones anteriores a 0.12.7. Como el repositorio es público, cualquier usuario puede visualizar el informe y cuando abre el archivo adjunto es ejecutado el ataque de tipo xss. • https://github.com/gogs/gogs/commit/bc77440b301ac8780698be91dff1ac33b7cee850 https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 8%CPEs: 1EXPL: 1CVE-2022-0415 – Remote Command Execution in uploading repository file in gogs/gogs
https://notcve.org/view.php?id=CVE-2022-0415
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. Una Ejecución de Comandos Remota en la carga de un archivo de repositorio en el repositorio de GitHub gogs/gogs versiones anteriores a 0.12.6 • https://github.com/gogs/gogs/commit/0fef3c9082269e9a4e817274942a5d7c50617284 https://huntr.dev/bounties/b4928cfe-4110-462f-a180-6d5673797902 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0870 – Server-Side Request Forgery (SSRF) in gogs/gogs
https://notcve.org/view.php?id=CVE-2022-0870
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en el repositorio de GitHub gogs/gogs versiones anteriores a 0.12.5 • https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0871 – Missing Authorization in gogs/gogs
https://notcve.org/view.php?id=CVE-2022-0871
Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5. Una Autorización Inapropiada en el repositorio de GitHub gogs/gogs versiones anteriores a 0.12.5 • https://github.com/gogs/gogs/commit/64102be2c90e1b47dbdd379873ba76c80d4b0e78 https://huntr.dev/bounties/ea82cfc9-b55c-41fe-ae58-0d0e0bd7ab62 • CWE-862: Missing Authorization •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2020-9329
https://notcve.org/view.php?id=CVE-2020-9329
Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition. Gogs versiones hasta 0.11.91, permite a atacantes violar la política de repo-creation especificada por el administrador debido a una condición de carrera interna del archivo /db/repo.go. • https://github.com/gogs/gogs/issues/5926 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •