Published: 04/10/2021 Updated: 06/10/2022

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 prior to 14.1.7, all versions starting from 14.2 prior to 14.2.5, and all versions starting from 14.3 prior to 14.3.1 allows an malicious user to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names

Vulnerable Product	Search on Vulmon	Subscribe to Product
gitlab gitlab
gitlab gitlab 14.3.0

A Stored cross-site scripting security issue in merge request creation page in Gitlab EE version 135 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names ...

CWE-79 https://hackerone.com/reports/1342009 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39885.json https://gitlab.com/gitlab-org/gitlab/-/issues/341140 https://nvd.nist.gov https://security.archlinux.org/CVE-2021-39885

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-39885

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect