Описание
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
Ссылки
- PatchRelease NotesVendor Advisory
- ExploitVendor Advisory
- PatchRelease NotesVendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.14.9 (включая)
Одно из
cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:8.15.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:8.15.1:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:8.15.2:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:8.15.3:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:8.15.4:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:8.15.5:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:8.16.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:8.16.1:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:8.16.2:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:8.16.3:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:8.16.4:*:*:*:*:*:*:*
EPSS
Процентиль: 23%
0.00074
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
ubuntu
около 8 лет назад
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
CVSS3: 6.1
debian
около 8 лет назад
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 h ...
CVSS3: 6.1
github
около 3 лет назад
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
EPSS
Процентиль: 23%
0.00074
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79