Vulnerability Description
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
CVSS Score
8.7 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GitLab | GitLab CE/EE | >= 14.4.0, < 14.7.7 |
| GitLab | GitLab CE/EE | >= 14.8.0, < 14.8.5 |
| GitLab | GitLab CE/EE | >= 14.9.0, < 14.9.2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/166829/Gitlab-14.9-Cross-Site-Scripting.html (Third Party Advisory, VDB Entry)
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1175.json (Vendor Advisory)
- https://gitlab.com/gitlab-org/gitlab/-/issues/353370 (Broken Link)
- https://hackerone.com/reports/1481207 (Permissions Required, Third Party Advisory)
FAQ
What is CVE-2022-1175?
CVE-2022-1175 is a vulnerability with a CVSS score of 8.7 (HIGH). Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, and all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
How severe is CVE-2022-1175?
CVE-2022-1175 has been rated HIGH with a CVSS base score of 8.7/10. See the CVSS Score section above.
Is there a patch for CVE-2022-1175?
Check the references section above for vendor advisories and patch information. The affected product is GitLab CE/EE; per the vulnerability description, the affected ranges end at 14.7.7, 14.8.5 and 14.9.2, so those are the releases that carry the fix for their respective minor branches.