CVE-2022-1928 MEDIUM

CVE-2022-1928: Cross-site Scripting (XSS) - Stored in go-gitea/gitea

Vendor Go-Gitea
Product go-gitea/gitea
Weakness CWE-79 · XSS
Published May 29, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

4.4/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9.

Key dates

02Disclosure timeline

May 29, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-39320 underConstruction <= 1.18 - Reflected Cross-Site Scripting CVE-2025-7649 Surbma | Recent Comments Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2026-33245 React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets CVE-2026-8880 RomanCart Ecommerce <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes CVE-2023-22698 WordPress Theme Blvd Responsive Google Maps Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)