CVE-2022-1175
MEDIUM6.1EPSS 10.3%Published: 3/6/2024Modified: 4/3/2025
Also known as:BIT-gitlab-2022-1175
Description
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
Affected packages (1)
- Bitnami/gitlab>= 14.4.0, < 14.7.7, >= 14.8.0, < 14.8.5, >= 14.9.0, < 14.9.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (5)
- WEBhttp://packetstormsecurity.com/files/166829/Gitlab-14.9-Cross-Site-Scripting.html
- WEBhttps://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1175.json
- WEBhttps://gitlab.com/gitlab-org/gitlab/-/issues/353370
- WEBhttps://hackerone.com/reports/1481207
- WEBhttps://nvd.nist.gov/vuln/detail/CVE-2022-1175