GMS-2022-6859: Stored XSS using HTMLEditor
A malicious content author could add a JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.
An attacker must have access to the CMS to exploit this issue.
References
Detect and mitigate GMS-2022-6859 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →