{"containers": {"cna": {"affected": [{"product": "gogs", "vendor": "gogs", "versions": [{"status": "affected", "version": "< 0.12.9"}]}], "descriptions": [{"lang": "en", "value": "Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-08T17:40:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gogs/gogs/security/advisories/GHSA-xq4v-vrp9-vcf2"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/gogs/gogs/pull/7009"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/gogs/gogs/commit/155cae1de8916fc3fde78f350763034b7422caee"}], "source": {"advisory": "GHSA-xq4v-vrp9-vcf2", "discovery": "UNKNOWN"}, "title": "XSS vulnerability in repository issue list in Gogs", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-31038", "STATE": "PUBLIC", "TITLE": "XSS vulnerability in repository issue list in Gogs"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "gogs", "version": {"version_data": [{"version_value": "< 0.12.9"}]}}]}, "vendor_name": "gogs"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/gogs/gogs/security/advisories/GHSA-xq4v-vrp9-vcf2", "refsource": "CONFIRM", "url": "https://github.com/gogs/gogs/security/advisories/GHSA-xq4v-vrp9-vcf2"}, {"name": "https://github.com/gogs/gogs/pull/7009", "refsource": "MISC", "url": "https://github.com/gogs/gogs/pull/7009"}, {"name": "https://github.com/gogs/gogs/commit/155cae1de8916fc3fde78f350763034b7422caee", "refsource": "MISC", "url": "https://github.com/gogs/gogs/commit/155cae1de8916fc3fde78f350763034b7422caee"}]}, "source": {"advisory": "GHSA-xq4v-vrp9-vcf2", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:03:40.294Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/gogs/gogs/security/advisories/GHSA-xq4v-vrp9-vcf2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gogs/gogs/pull/7009"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gogs/gogs/commit/155cae1de8916fc3fde78f350763034b7422caee"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-31038", "datePublished": "2022-06-08T17:40:11", "dateReserved": "2022-05-18T00:00:00", "dateUpdated": "2024-08-03T07:03:40.294Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*", "matchCriteriaId": "4DAD0C2A-2575-4160-90B2-D024A0A41B0A", "versionEndExcluding": "0.12.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters."}, {"lang": "es", "value": "Gogs es un servicio Git de c\u00f3digo abierto auto alojado. En versiones de gogs anteriores a 0.12.9 \"DisplayName\" no filtra la entrada de caracteres de los usuarios, lo que conlleva a una vulnerabilidad de tipo XSS cuando es mostrado directamente en la lista de problemas. Este problema ha sido resuelto en el commit 155cae1d que sanea \"DisplayName\" antes de mostrarlo al usuario. Es recomendado a todos los usuarios de gogs actualizar. Los usuarios que no puedan actualizarse deber\u00edan comprobar si los nombres de pantalla de sus usuarios contienen caracteres maliciosos"}], "id": "CVE-2022-31038", "lastModified": "2024-11-21T07:03:45.870", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-09T17:15:09.917", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/gogs/gogs/commit/155cae1de8916fc3fde78f350763034b7422caee"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/gogs/gogs/pull/7009"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/gogs/gogs/security/advisories/GHSA-xq4v-vrp9-vcf2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/gogs/gogs/commit/155cae1de8916fc3fde78f350763034b7422caee"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/gogs/gogs/pull/7009"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/gogs/gogs/security/advisories/GHSA-xq4v-vrp9-vcf2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}