Описание
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Broken Link
- Permissions RequiredThird Party Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Broken Link
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
8.7 High
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
Improper neutralization of user input in GitLab CE/EE versions 14.4 be ...
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю проводить межсайтовые сценарные атаки
EPSS
8.7 High
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2