Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-7316 — Cross-site Scripting in Gitlab

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

1.3%

top 20.18%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Gitlab Debian Gitlab

Timeline

PublishedJan 24

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by README.html.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDgitlab/gitlab6.0.0

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-pjvm-3x7g-4998: Cross-site scripting (XSS) vulnerability in GitLab 6↗2022-05-14

▶

💥Exploits & PoCs

Exploit-DB

Gitlab 6.0 - Persistent Cross-Site Scripting↗2013-12-16

▶

📋Vendor Advisories

GitLab

CVE-2013-7316: Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML↗2014-01-24

▶

Debian

CVE-2013-7316: gitlab - Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before...↗2013

▶