An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field.
Metrics
Affected Vendors & Products
References
History
Wed, 30 Oct 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 03 Oct 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-99 |
Thu, 03 Oct 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | Improper Control of Resource Identifiers ('Resource Injection') in GitLab | Improper Encoding or Escaping of Output in GitLab |
Weaknesses | CWE-116 |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2023-07-13T02:02:34.411Z
Updated: 2024-10-30T19:31:16.274Z
Reserved: 2023-04-20T21:24:10.913Z
Link: CVE-2023-2200
Vulnrichment
Updated: 2024-08-02T06:12:20.653Z
NVD
Status : Modified
Published: 2023-07-13T03:15:09.240
Modified: 2024-11-21T07:58:08.510
Link: CVE-2023-2200
Redhat
No data.