CVE-2017-0923

Severity: 6.1 MEDIUM
EPSS: 0.1% (top 77.26%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 21; latest update May 13

Description

GitLab Community Edition version 9.1 is vulnerable to a lack of input validation in the IPython notebooks component, resulting in persistent cross-site scripting.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5: gitlab/gitlab_community_and_enterprise_editions: 10.2.0 - 10.2.5 (fixed in 10.2.6), 10.3.0 - 10.3.3 (fixed in 10.3.4), 9.1.0 - 10.1.5 (fixed in 10.1.6), +2 more
NVD: gitlab/gitlab: 4 versions, +3 more

🔴 Vulnerability Details (2)

GHSA: GHSA-4qc4-p4r5-q24g: Gitlab Community Edition version 9 (2022-05-13)
CVEList: CVE-2017-0923: Gitlab Community Edition version 9 (2018-03-21)

📋 Vendor Advisories (2)

GitLab: CVE-2017-0923: Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site s (2018-03-21)
Debian: CVE-2017-0923: gitlab - Gitlab Community Edition version 9.1 is vulnerable to lack of input validation i... (2017)
CVE-2017-0923 (MEDIUM CVSS 6.1) | Gitlab Community Edition version 9. | cvebase.io