CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-22185
https://notcve.org/view.php?id=CVE-2021-22185
Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki Un saneamiento insuficiente de la entrada en wikis en GitLab versiones 13.8 y posteriores, permite a un atacante explotar una vulnerabilidad de tipo cross-site scripting almacenada por medio de un commit especialmente diseñado para un wiki • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22185.json https://gitlab.com/gitlab-org/gitlab/-/issues/299143 https://hackerone.com/reports/1087061 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 32%CPEs: 6EXPL: 1CVE-2021-22192
https://notcve.org/view.php?id=CVE-2021-22192
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones a partir de 13.2, permitiendo a usuarios autenticados no autorizados ejecutar código arbitrario en el servidor • https://github.com/EXP-Docs/CVE-2021-22192 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22192.json https://gitlab.com/gitlab-org/gitlab/-/issues/324452 https://hackerone.com/reports/1125425 •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22183
https://notcve.org/view.php?id=CVE-2021-22183
An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions. Se ha detectado un problema en GitLab que afecta a todas las versiones a partir de 11.8. GitLab era vulnerable a un XSS almacenado en la página epics, que podría haber sido explotado con las interacciones del usuario • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22183.json https://gitlab.com/gitlab-org/gitlab/-/issues/294176 https://hackerone.com/reports/1055814 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22189
https://notcve.org/view.php?id=CVE-2021-22189
Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues. A partir de la versión 13.7, las ediciones de Gitlab CE/EE, estaban afectadas por un problema de seguridad relacionado a la comprobación de los certificados para Fortinet OTP que podría resultar en problemas de autenticación • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22189.json https://gitlab.com/gitlab-org/gitlab/-/issues/296557 • CWE-295: Improper Certificate Validation •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 1CVE-2021-22182
https://notcve.org/view.php?id=CVE-2021-22182
An issue has been discovered in GitLab affecting all versions starting with 13.7. GitLab was vulnerable to a stored XSS in merge request. Se ha detectado un problema en GitLab que afecta a todas las versiones desde la versión 13.7. GitLab era vulnerable a un ataque de tipo XSS almacenado en una petición de fusión • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22182.json https://gitlab.com/gitlab-org/gitlab/-/issues/280779 https://hackerone.com/reports/1030189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •