Lucene search
China National Vulnerability DatabaseCNVD-2022-05444HistoryDec 12, 2021 - 12:00 a.m.
GitLab Cross-Site Scripting Vulnerability (CNVD-2022-05444)
2021-12-1200:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
0.001 Low
EPSS
Percentile
39.8%
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features.A cross-site scripting vulnerability exists in GitLab CE/EE, which stems from the fact that the program is vulnerable to injection via the Swagger UI feature. An attacker could exploit this vulnerability to inject malicious code.
| CPE | Name | Operator | Version |
|---|---|---|---|
| GitLab GitLab CE/EE >=14.4, | lt | 14.4.4 | |
| GitLab CE/EE >=12.6, | lt | 14.3.6 | |
| GitLab CE/EE >=14.5, | lt | 14.5.2 |
Related
cve
cve
CVE-2021-39910
2021-12-13 16:15:08
veracode
veracode
HTML Injection
2023-08-06 20:06:08
nvd
nvd
CVE-2021-39910
2021-12-13 16:15:08
cvelist
cvelist
CVE-2021-39910
2021-12-13 15:47:46
debiancve
debiancve
CVE-2021-39910
2021-12-13 16:15:08
nessus
nessus
GitLab 12.6 < 14.3.6 / 14.4 < 14.4.4 / 14.5 < 14.5.2 (CVE-2021-39910)
2024-01-03 00:00:00
osv
osv
BIT-gitlab-2021-39910
2024-03-06 11:17:53
CVE-2021-39910
2021-12-13 16:15:08
ubuntucve
ubuntucve
CVE-2021-39910
2021-12-13 00:00:00
prion
prion
Input validation
2021-12-13 16:15:00
archlinux
archlinux
[ASA-202112-10] gitlab: multiple issues
2021-12-11 00:00:00
freebsd
freebsd
Gitlab -- Multiple Vulnerabilities
2021-12-06 00:00:00