Description
An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details.
Related CPE's
a
gitlab
gitlab
2
References
https://gitlab.com/gitlab-org/security/gitlab/-/issues/673
Permissions Required
https://hackerone.com/reports/1578400
Permissions Required
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2022-07-28T15:15:07.600
2 years agoLast modified
2022-08-04T14:37:47.570
2 years ago