{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "8.4.0" }, { "fixed": "14.1.7" }, { "introduced": "8.4.0" }, { "fixed": "14.1.7" }, { "introduced": "14.2" }, { "fixed": "14.2.5" }, { "introduced": "14.2" }, { "fixed": "14.2.5" }, { "introduced": "14.3" }, { "fixed": "14.3.1" }, { "introduced": "14.3" }, { "fixed": "14.3.1" } ] }, "events": [ { "introduced": "5b5777b8cf3328d27ef549c31f70993da1d1b267" }, { "fixed": "9cd657e5179e339171d27e4573b8f5711db1d824" }, { "introduced": "5b5777b8cf3328d27ef549c31f70993da1d1b267" }, { "fixed": "9cd657e5179e339171d27e4573b8f5711db1d824" }, { "introduced": "38bbb40bb77dd3e0f0281c4363e2ef298e650c42" }, { "fixed": "72c1da0383a35604f4b2d73a7ed8e6a2c4ee64b1" }, { "introduced": "38bbb40bb77dd3e0f0281c4363e2ef298e650c42" }, { "fixed": "72c1da0383a35604f4b2d73a7ed8e6a2c4ee64b1" }, { "introduced": "dec73e99fddac59c0bf816dc4bffd2a30abae6de" }, { "fixed": "0816e4664224c86a9c3868127ad890d7cf0526c6" }, { "introduced": "dec73e99fddac59c0bf816dc4bffd2a30abae6de" }, { "fixed": "0816e4664224c86a9c3868127ad890d7cf0526c6" } ], "repo": "https://gitlab.com/gitlab-org/gitlab", "type": "GIT" } ] } ], "details": "A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf.", "id": "CVE-2021-39887", "modified": "2026-03-13T21:49:22.118994719Z", "published": "2021-10-05T12:15:07.903Z", "references": [ { "type": "ADVISORY", "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39887.json" }, { "type": "REPORT", "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/332903" }, { "type": "REPORT", "url": "https://hackerone.com/reports/1218174" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }