CVE-2023-2200

MEDIUM

GitLab CE/EE <15.11.10, <16.0.6, <16.1.1 - XSS

Title source: llm

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field.

References (2)

[Broken Link, Vendor Advisory] https://gitlab.com/gitlab-org/gitlab/-/issues/408281

[Third Party Advisory] https://hackerone.com/reports/1935628

Scores

CVSS v3 4.1

EPSS 0.0118

EPSS Percentile 78.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-116 CWE-79

Status published

Products (1)

gitlab/gitlab 7.14.0 - 15.11.10 (2 CPE variants)

Published Jul 13, 2023

Tracked Since Feb 18, 2026