17 matches found
EUVD-2022-24744
Malicious code in bioql PyPI...
CVE-2022-1433
An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS...
CVE-2022-1175
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes...
Cross-Site Scripting (XSS)
gitlab is vulnerable to Cross-Site Scripting XSS attacks. Missing invalidation of markdown caching allows an attacker to inject and execute malicious javascript on victim's browser via a crafted payloads from a previously exploitable XSS vulnerability. CVE-2022-1175...
GitLab Community and Enterprise Cross-Site Scripting (CVE-2022-1175)
A cross-site scripting vulnerability exists in GitLab Community and Enterprise Editions. The vulnerability is due to improper sanitization of user input submitted in notes...
GitLab 14.4 < 14.8.6 / 14.9 < 14.9.4 / 14.10 < 14.10.1 (CVE-2022-1433)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing...
Cross site scripting
An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS...
CVE-2022-1433
An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS...
Gitlab 14.9 Cross Site Scripting
Exploit Title: Gitlab Stored XSS Date: 12/04/2022 Exploit Authors: Greenwolf & stacksmashing Vendor Homepage: https://about.gitlab.com/ Software Link: https://about.gitlab.com/install Version: GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions...
GitLab 14.9 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Gitlab Stored XSS Exploit Authors: Greenwolf & stacksmashing Vendor Homepage: https://about.gitlab.com/ Software Link: https://about.gitlab.com/install Version: GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9...
GitLab 14.9 - Stored Cross-Site Scripting (XSS)
Exploit Title: Gitlab Stored XSS Date: 12/04/2022 Exploit Authors: Greenwolf Vendor Homepage: https://about.gitlab.com/ Software Link: https://about.gitlab.com/install Version: GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9...
GitLab 14.4 < 14.7.7 / 14.8 < 14.8.5 / 14.9 < 14.9.2 (CVE-2022-1175)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to...
CVE-2022-1175
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes...
CVE-2022-1175
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes...
CVE-2022-1175
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes...
CVE-2022-1175
GitLab CE/EE is affected by CVE-2022-1175 due to improper neutralization of user input in notes, enabling Stored XSS. Affected ranges are GitLab CE/EE versions: 14.4 up to before 14.7.7, 14.8 up to before 14.8.5, and 14.9 up to before 14.9.2. Connected documents indicate fixes exist in later rele...
CVE-2022-1175
Removed by vendor...