vulnerability
Arch Linux: Cross-site scripting (CVE-2021-22225)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Jul 7, 2021 | Jul 11, 2025 | Nov 27, 2025 |
Severity
3
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Jul 7, 2021
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
Insufficient input sanitization in markdown in GitLab version 13.11 and up before version 14.0.2 allows an attacker to exploit a stored cross-site scripting vulnerability via specially-crafted markdown.
Solution
arch-linux-upgrade-latest
References
- CVE-2021-22225
- https://attackerkb.com/topics/CVE-2021-22225
- URL-https://about.gitlab.com/releases/2021/07/01/security-release-gitlab-14-0-2-released/
- URL-https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22225.json
- URL-https://gitlab.com/gitlab-org/gitlab/-/issues/331051
- URL-https://security.archlinux.org/ASA-202107-18
- CWE-79
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.