XSS Vulnerability in GitLab CE/EE Versions 14.3 to 14.5.2: Abusing Emoji HTML Code Generation

XSS Vulnerability in GitLab CE/EE Versions 14.3 to 14.5.2: Abusing Emoji HTML Code Generation

CVE-2021-39946 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis

Learn more about our User Device Pen Test.