What is the authoritative source for CVE-2022-4007?

CVE-2022-4007 (CVE-2022-4007) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVE-2022-4007EPSS p41.6%

CVE-2022-4007CVE-2022-4007

gitlab / gitlab

Description

A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.

Scoring

CVSS	5.4 ()
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS	0.55% probability of exploitation · percentile 41.6% · 2026-06-19T12:03:05Z
Last modified	2026-06-17

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.