CVE-2017-0924
Severity
6.1MEDIUM
EPSS
0.1%
top 77.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 21
Latest updateMay 13
Description
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7
Affected Packages2 packages
🔴Vulnerability Details
2📋Vendor Advisories
2GitLab▶
CVE-2017-0924: Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting↗2018-03-21
Debian▶
CVE-2017-0924: gitlab - Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validatio...↗2017