Описание
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.
Ссылки
- ExploitVendor Advisory
- ExploitThird Party Advisory
- Broken LinkVendor Advisory
- ExploitVendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 11.11.0 (включая) до 11.11.7 (исключая)Версия от 11.11.0 (включая) до 11.11.7 (исключая)Версия от 12.0.0 (включая) до 12.0.4 (исключая)Версия от 12.0.0 (включая) до 12.0.4 (исключая)Версия от 12.1.0 (включая) до 12.1.2 (исключая)Версия от 12.1.0 (включая) до 12.1.2 (исключая)
Одно из
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 21%
0.00069
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
ubuntu
больше 6 лет назад
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.
CVSS3: 5.4
debian
больше 6 лет назад
An input validation and output encoding issue was discovered in the Gi ...
CVSS3: 5.4
github
больше 3 лет назад
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.
EPSS
Процентиль: 21%
0.00069
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79