CVE-2022-1948: XSS
First published: Thu Jul 28 2022(Updated: )
An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | =15.0.0 | |
| GitLab | =15.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-1948?
CVE-2022-1948 has been classified with a high severity rating due to its potential for XSS attacks.
How do I fix CVE-2022-1948?
To mitigate CVE-2022-1948, you should upgrade to GitLab version 15.0.1 or later.
What systems are affected by CVE-2022-1948?
CVE-2022-1948 affects all GitLab versions starting from 15.0 up to but not including 15.0.1.
What type of vulnerability is CVE-2022-1948?
CVE-2022-1948 is a cross-site scripting (XSS) vulnerability related to input validation in quick actions.
Can CVE-2022-1948 be exploited remotely?
Yes, CVE-2022-1948 can be exploited remotely by an attacker through injecting HTML into contact details.
- agent/type
- agent/references
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/15.0.0