CVE-2021-22185 — Cross-site Scripting in Gitlab

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 61.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab

Timeline

PublishedMar 24

Latest updateMay 24

Description

Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages4 packages

▶NVDgitlab/gitlab13.8.0 — 13.8.5+1

▶CVEListV5gitlab/gitlab>=13.8, <13.8.5, >=13.9, <13.9.2+1

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-wf25-2f67-3rmc: Insufficient input sanitization in wikis in GitLab version 13↗2022-05-24

▶

📋Vendor Advisories

GitLab

CVE-2021-22185: Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a↗2021-03-24

▶

Debian

CVE-2021-22185: gitlab - Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an...↗2021

▶