HTTP: GitLab Community and Enterprise Edition Notes Stored Cross-Site Scripting
This signature detects attempts to exploit a known cross-site scripting vulnerability against GitLab Community and Enterprise Editions. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
Affected Products
Gitlab gitlab
Short Name
HTTP:XSS:GITLAB-CE-EE-SXSS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2022-1175 CVE-2023-0050 CVE-2023-6371 Community Cross-Site Edition Enterprise GitLab Notes Scripting Stored and
Release Date
07/26/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3715
False Positive
Unknown
Vendors
Gitlab