CVE-2022-1175
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Affected products
GitLab · GitLab
Public PoCs found — 3
github: github.com/Greenwolf/CVE-2022-1175 (★ 1)
cve_reference: packetstormsecurity.com/files/166829/Gitlab-14.9-Cross-Site-Scripting.html (unverified)
exploitdb: www.exploit-db.com/exploits/50889 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.