vulnerability
Gitlab Gitlab: CVE-2022-1175: Improper Neutralization of Input During Web Page Generation
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Apr 4, 2022 | Apr 22, 2025 | Sep 18, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Apr 4, 2022
Added
Apr 22, 2025
Modified
Sep 18, 2025
Description
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
Solution
gitlab-gitlab-upgrade-latest
References
- CWE-79
- CVE-2022-1175
- https://attackerkb.com/topics/CVE-2022-1175
- URL-http://packetstormsecurity.com/files/166829/Gitlab-14.9-Cross-Site-Scripting.html
- URL-https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1175.json
- URL-https://gitlab.com/gitlab-org/gitlab/-/issues/353370
- URL-https://hackerone.com/reports/1481207
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.