HTTP: GitLab Community and Enterprise Edition Milestone References Stored Cross-Site Scripting
This signature detects attempts to exploit a known cross-site scripting vulnerability against Gitlab Community and Enterprise Edition, Milestone References. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc.
Affected Products
Gitlab gitlab
References
CVE: CVE-2022-1190
Short Name
HTTP:XSS:GITLAB-MILESTONE-REF
Severity
Warning
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2022-1190 Community Cross-Site Edition Enterprise GitLab Milestone References Scripting Stored and
Release Date
07/07/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3507
False Positive
Unknown
Vendors
Gitlab