Cross-Site Scripting (XSS) Vulnerability in GitLab CE/EE Work Item Title Field

Cross-Site Scripting (XSS) Vulnerability in GitLab CE/EE Work Item Title Field

CVE-2022-4007 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.

Learn more about our Web Application Penetration Testing UK.