Reflected XSS Vulnerability in GitLab Versions 12.8 to 15.10.1

CVE-2022-3513 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, and all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side, which allows attackers to perform arbitrary actions on behalf of victims on self-hosted instances running without a strict CSP.
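The following triage helper is an added example, not code from GitLab or from the advisory. It checks an instance's version string against the three affected ranges above and inspects its `Content-Security-Policy` header. The function names and the working definition of "strict" (the policy blocks inline script execution) are assumptions made for illustration.

```python
import re

# Affected ranges from the advisory: (first affected, first fixed), upper bound exclusive.
AFFECTED = [((12, 8, 0), (15, 8, 5)),
            ((15, 9, 0), (15, 9, 4)),
            ((15, 10, 0), (15, 10, 1))]

def parse_version(s):
    """Parse '15.9.3', 'v15.9.3-ee' or '15.10' into (major, minor, patch)."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", s.strip())
    if not m:
        raise ValueError(f"unrecognised version: {s!r}")
    return tuple(int(g or 0) for g in m.groups())

def version_affected(s):
    v = parse_version(s)
    return any(lo <= v < hi for lo, hi in AFFECTED)

def csp_allows_inline_script(header):
    """True when the policy would let an injected inline script run.

    Assumption: this is what 'without strict CSP' means here. Only script-src
    and its default-src fallback are examined.
    """
    if not header:
        return True  # no policy at all
    directives = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:  # the first occurrence of a directive wins
            directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return True  # scripts are not restricted
    # Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
    pinned = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
                 for s in sources)
    return "'unsafe-inline'" in sources and not pinned

def assess(version, csp_header):
    """Classify one instance; the labels are hypothetical triage buckets."""
    if not version_affected(version):
        return "not-affected"
    if csp_allows_inline_script(csp_header):
        return "affected-no-strict-csp"
    return "affected-strict-csp"

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for ver, csp in [("15.9.3-ee", None), ("15.8.4", "script-src 'self'"), ("15.10.1", None)]:
        print(ver, "->", assess(ver, csp))
```

An instance in the `affected-strict-csp` bucket still runs a vulnerable release and needs the upgrade; the bucket only orders the patching queue.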