CVE-2022-1175: In earlier versions, user input could be improperly sanitized. This could lead to XSS if the user input contains HTML.

GitLab allows adding any type of note to commit messages. Therefore, this XSS issue can be exploited to inject any HTML code into commit messages. This issue was fixed in versions starting from 14.8.5. Vendors/OSS users are encouraged to upgrade to the most recent versions. All versions starting from 14.9 before 14.9.2, all versions starting from 16.0 before 16.0.1, all versions starting from 16.1 before 16.1.0, all versions starting from 16.2 before 16.2.0, all versions starting from 16.3 before 16.3.0, all versions starting from 16.4 before 16.4.1, all versions starting from 16.5 before 16.5.0, all versions starting from 16.6 before 16.6.0, all versions starting from 16.7 before 16.7.0, all versions starting from 16.8 before 16.8.1, all versions starting from 16.9 before 16.9.2, all versions starting from 17.0 before 17.0.0, all versions starting from 17.1 before 17.1.0, all versions starting from 17.2 before 17.2.0, all versions starting from 17.3 before 17.3.0, all versions starting from 17.4 before 17.4.0, all versions starting from 17.5 before 17.5.0, all versions starting

GitLab/CVE-2018-10024
