CVE-2021-22260

HIGH

GitLab 13.7-14.0.8, 14.1-14.1.3, 14.2-14.2.1 - Stored Cross-Site Scripting in DataDog Integration

Title source: llm
STIX 2.1

Description

A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf

References (3)

Core 3
Core References
Exploit, Issue Tracking, Vendor Advisory x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/336614
Permissions Required, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1257383

Scores

CVSS v3 7.7
EPSS 0.0016
EPSS Percentile 36.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

Details

CWE
CWE-79
Status published
Products (1)
gitlab/gitlab 13.7.0 - 14.0.9 (2 CPE variants)
Published Nov 05, 2021
Tracked Since Feb 18, 2026