← Back

CVE-2022-3573

nvd nist
Published: Jan 12, 2023Modified: Apr 8, 2025

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP.

Affected (8)

Gitlab
1 product
Gitlab
Abb
1 product
Drive Composer
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Gitlab
Gitlab
From 15.4.0 to 15.5.7
Gitlab
From 15.6.0 to 15.6.4
Gitlab
From 15.7.0 to 15.7.2
Gitlab
From 15.4.0 to 15.5.7
Gitlab
From 15.6.0 to 15.6.4
Gitlab
From 15.7.0 to 15.7.2
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Abb
Drive Composer
Up to 2.8
Drive Composer
Up to 2.8

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (7)

Source: cve@gitlab.com
Vendor Advisory
Source: cve@gitlab.com
Broken Link
Source: cve@gitlab.com
Permissions RequiredThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredThird Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Broken Link

Timeline

No history available yet.