CVE-2022-4007

MEDIUM Year: 2022
CVSS v3 Score
6.1
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.

Related Vulnerabilities

CVE-2005-2350

MEDIUM
CVSS:6.1(Medium)

Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface.

CWE-792005

CVE-2006-5632

MEDIUM
CVSS:6.1(Medium)

Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-...

CWE-792006

CVE-2006-5847

MEDIUM
CVSS:6.1(Medium)

Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

CWE-792006

CVE-2007-3484

MEDIUM
CVSS:6.1(Medium)

Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed b...

CWE-792007

CVE-2007-4465

MEDIUM
CVSS:6.1(Medium)

Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitr...

CWE-792007

CVE-2007-5817

MEDIUM
CVSS:6.1(Medium)

dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. NOTE: this issue can be levera...

CWE-792007