Описание
An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/xenial | ignored | |
| jammy | DNE | |
| noble | DNE | |
| plucky | DNE | |
| upstream | not-affected | debian: Vulnerable code introduced later |
Показывать по
8.7 High
CVSS3
Связанные уязвимости
An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions.
An issue has been discovered in GitLab CE/EE affecting all versions fr ...
An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions.
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/CE, связанная с недостаточной защитой структуры веб-страницы, позволяющая нарушителю проводить межсайтовые сценарные атаки (XSS)
8.7 High
CVSS3