CVE-2021-22232 — Injection in Gitlab

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 67.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJul 6

Latest updateApr 8

Description

HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

▶NVDgitlab/gitlab9.5.0 — 13.11.6+2

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶CVEListV5gitlab/gitlab>=13.12, <13.12.6, >=14.0, <14.0.2, >=9.5, <13.11.6+2

GHSA

GHSA-q5w6-p37j-cwr4: HTML injection was possible via the full name field before versions 13↗2022-05-24

▶

OSV

CVE-2021-22232: HTML injection was possible via the full name field before versions 13↗2021-07-06

▶

Exploit-DB

Adobe Connect 11.4.5 - Local File Disclosure↗2023-04-08

▶

Exploit-DB

Adobe Connect 10 - Username Disclosure↗2021-02-09

▶

GitLab

CVE-2021-22232: HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE↗2021-07-06

▶

Debian

CVE-2021-22232: gitlab - HTML injection was possible via the full name field before versions 13.11.6, 13....↗2021

▶