Vulnerability Details CVE-2021-22185
Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.0%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22185.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/299143
- https://hackerone.com/reports/1087061
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22185.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/299143
- https://hackerone.com/reports/1087061
Products affected by CVE-2021-22185
-
cpe:2.3:a:gitlab:gitlab:13.8.0
-
cpe:2.3:a:gitlab:gitlab:13.8.1
-
cpe:2.3:a:gitlab:gitlab:13.8.2
-
cpe:2.3:a:gitlab:gitlab:13.8.3
-
cpe:2.3:a:gitlab:gitlab:13.8.4
-
cpe:2.3:a:gitlab:gitlab:13.9.0
-
cpe:2.3:a:gitlab:gitlab:13.9.1