Description
Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki
Related CPE's
a
gitlab
gitlab
4
References
https://hackerone.com/reports/1087061
Permissions RequiredThird Party Advisory
https://hackerone.com/reports/1087061
Permissions RequiredThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 · Medium
Information
Source identifier
Vulnerability status
Modified
Published
2021-03-24T16:15:14.023Z
5 years agoLast modified
2024-11-21T04:49:40.020Z
1 year ago