What the vulnerability does

01Description

In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.

Key dates

02Disclosure timeline

October 11, 2022 CVE published
May 16, 2025 Record updated

Related vulnerabilities

04Related CVE