CVE-2022-2235
HIGH
GitLab 14.5-14.10.4, 15.0-15.0.3, 15.1 - Stored Cross-Site Scripting via ZenTao External Issue Tracker Link
Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link
References (3)
https://gitlab.com/gitlab-org/gitlab/-/issues/360540 (Broken Link, x_refsource_misc)
https://hackerone.com/reports/1542510 (Permissions Required, Third Party Advisory, x_refsource_misc)
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2235.json (Vendor Advisory, x_refsource_confirm)
Scores
CVSS v3
8.7
EPSS
0.0031
EPSS Percentile
54.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Details
CWE
CWE-79
Status
published
Products (2)
gitlab/gitlab
15.1.0
gitlab/gitlab
14.5.0 - 14.10.5
Published
Jul 01, 2022
Tracked Since
Feb 18, 2026