An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, and all versions starting from 16.1 before 16.1.1. It allows an attacker to inject HTML in an email address field.
History

Wed, 30 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 03 Oct 2024 07:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-99

Thu, 03 Oct 2024 06:30:00 +0000

Type Values Removed Values Added
Title Removed: Improper Control of Resource Identifiers ('Resource Injection') in GitLab; Added: Improper Encoding or Escaping of Output in GitLab
Weaknesses CWE-116

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2023-07-13T02:02:34.411Z

Updated: 2024-10-30T19:31:16.274Z

Reserved: 2023-04-20T21:24:10.913Z

Link: CVE-2023-2200

Vulnrichment

Updated: 2024-08-02T06:12:20.653Z

NVD

Status: Modified

Published: 2023-07-13T03:15:09.240

Modified: 2024-11-21T07:58:08.510

Link: CVE-2023-2200

Redhat

No data.