Ubuntu.comUB:CVE-2022-3265CVE-2022-3265
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
EPSS
Percentile
45.4%
A cross-site scripting issue has been discovered in GitLab CE/EE affecting
all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to
15.5.2. It was possible to exploit a vulnerability in setting the labels
colour feature which could lead to a stored XSS that allowed attackers to
perform arbitrary actions on behalf of victims at client side.
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
EPSS
Percentile
45.4%