CVE-2022-1175 In earlier versions, user input could be improperly sanitized. This could lead to XSS if the user input contains HTML.
GitLab allows adding any type of note to commit messages. Therefore, this XSS issue can be exploited to inject any HTML code into commit messages. This issue was fixed in versions starting from 14.8.5. Vendors/OSS users are encouraged to upgrade to the most recent versions. All versions starting from 14.9 before 14.9.2, all versions starting from 16.0 before 16.0.1, all versions starting from 16.1 before 16.1.0, all versions starting from 16.2 before 16.2.0, all versions starting from 16.3 before 16.3.0, all versions starting from 16.4 before 16.4.1, all versions starting from 16.5 before 16.5.0, all versions starting from 16.6 before 16.6.0, all versions starting from 16.7 before 16.7.0, all versions starting from 16.8 before 16.8.1, all versions starting from 16.9 before 16.9.2, all versions starting from 17.0 before 17.0.0, all versions starting from 17.1 before 17.1.0, all versions starting from 17.2 before 17.2.0, all versions starting from 17.3 before 17.3.0, all versions starting from 17.4 before 17.4.0, all versions starting from 17.5 before 17.5.0, all versions starting
GitLab/CVE-2018-10024
GitLab allows adding any type of note to commit messages. Therefore, this XSS issue can be exploited to inject any HTML code into commit messages. This issue was fixed in versions starting from 14.8.5. Vendors/OSS users are encouraged to upgrade to the most recent versions. All versions starting from 14.9 before 14.9.2, all versions starting from 16.0 before 16.0.1, all versions starting from 16.1 before 16.1.0, all versions starting from 16.2 before 16.2