Vulnerabilities > Gitlab > Gitlab > Low

DATE CVE VULNERABILITY TITLE RISK
2021-10-05 CVE-2021-22261 Cross-site Scripting vulnerability in Gitlab
A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses.
network
gitlab CWE-79
3.5
2021-10-05 CVE-2021-39878 Cross-site Scripting vulnerability in Gitlab
A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary JavaScript code.
network
gitlab CWE-79
3.5
2021-10-05 CVE-2021-39887 Cross-site Scripting vulnerability in Gitlab
A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf.
network
gitlab CWE-79
3.5
2021-10-04 CVE-2021-39899 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab
In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function.
local
gitlab CWE-640
1.9
2021-08-25 CVE-2021-22242 Cross-site Scripting vulnerability in Gitlab
Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via specially crafted markdown.
network
gitlab CWE-79
3.5
2021-08-20 CVE-2021-22254 Improper Encoding or Escaping of Output vulnerability in Gitlab
Under very specific conditions, a user could be impersonated using GitLab Shell.
network
gitlab CWE-116
3.5
2021-08-20 CVE-2021-22238 Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting with 13.3.
network
gitlab CWE-79
3.5
2021-08-05 CVE-2021-22234 Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4.
network
gitlab CWE-79
3.5
2021-08-05 CVE-2021-22241 Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0.
network
gitlab CWE-79
3.5
2021-07-07 CVE-2021-22225 Cross-site Scripting vulnerability in Gitlab
Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via specially crafted markdown.
network
gitlab CWE-79
3.5