CVE-2022-3265 in Community Editionthông tin

Tóm tắt

Bởi MITRE • 10/11/2022

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

chịu trách nhiệm

GitLab Inc.

Đặt trước

21/09/2022

Tiết lộ

10/11/2022

Kiểm duyệt

được chấp nhận

EPSS

0.86326

KEV

không

Các hoạt động

rất thấp

Nguồn

Want to know what is going to be exploited?

We predict KEV entries!