Описание
An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.
Ссылки
- ExploitIssue Tracking
- Permissions Required
Уязвимые конфигурации
Одно из
EPSS
8.7 High
CVSS3
Дефекты
Связанные уязвимости
An issue has been discovered in GitLab EE that allows for cross-site-s ...
An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/ CE, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
EPSS
8.7 High
CVSS3