PT-2022-20478 · Gogs · Gogs

Wuhan005 · Published 2022-06-08 · Updated 2024-08-21 · CVE-2022-31038

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.12.9
Description: Gogs, an open source self-hosted Git service, is affected by a cross-site scripting (XSS) vulnerability in the repository issue list. In affected versions, the user DisplayName is not filtered for HTML-significant characters, and because it is rendered directly in the issue list, a crafted display name results in XSS. Users are advised to upgrade to resolve the issue. Users who cannot upgrade should check their users' display names for malicious characters.
Recommendations: For versions prior to 0.12.9, upgrade to 0.12.9 or the latest 0.13.0+dev to resolve the issue. As a temporary workaround, check the existing users' display names for malicious characters and update any that contain them.
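The following Go program is an added example, not code from Gogs: it shows the vulnerable rendering pattern (a display name marked as trusted HTML so html/template emits it verbatim) beside the escaped form, and a scan of existing display names that supports the temporary workaround above. The row template, the function names and the sample display names are assumptions constructed for this example.

```go
package main

import (
	"bytes"
	"html/template"
	"strings"
)

// Constructed sample display names (not real Gogs data): a plain name, a benign
// name with an apostrophe, and one that carries HTML markup.
var SampleDisplayNames = []string{"alice", "Bob O'Neil", "<b>eve</b>"}

// Characters that are significant in an HTML text or attribute context.
const htmlSignificant = "<>\"'&"

// HasHTMLSignificantChars reports whether a display name contains a character
// that must be escaped before it is rendered in a page such as the issue list.
func HasHTMLSignificantChars(name string) bool {
	return strings.ContainsAny(name, htmlSignificant)
}

// FlagDisplayNames returns the names an administrator should review for the
// advisory's temporary workaround. A hit is not proof of malice (O'Neil is
// flagged too); it only means the name needs escaping on output.
func FlagDisplayNames(names []string) []string {
	var flagged []string
	for _, n := range names {
		if HasHTMLSignificantChars(n) {
			flagged = append(flagged, n)
		}
	}
	return flagged
}

// rowTmpl is a hypothetical issue-list cell showing the author's display name.
var rowTmpl = template.Must(template.New("row").Parse(`<td class="author">{{.}}</td>`))

func render(v interface{}) (string, error) {
	var buf bytes.Buffer
	err := rowTmpl.Execute(&buf, v)
	return buf.String(), err
}
// RenderUnsafe reproduces the vulnerable pattern: the name is marked as trusted
// HTML (template.HTML), so html/template emits it verbatim into the page.
func RenderUnsafe(name string) (string, error) { return render(template.HTML(name)) }

// RenderSafe passes the name as a plain string, so html/template escapes
// <, >, &, ' and " for the context in which it is rendered.
func RenderSafe(name string) (string, error) { return render(name) }
```

Escaping at render time is the durable fix; the character scan only tells an administrator which existing names to look at, since benign names such as O'Neil are flagged as well.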

Tags: Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2022-31038
GHSA-XQ4V-VRP9-VCF2
GO-2022-0483

Affected Products

Gogs