CVE-2018-19579 — Cross-site Scripting in Gitlab

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 79.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJul 10

Latest updateMay 24

Description

GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1.

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

▶NVDgitlab/gitlab11.5.0 — 11.5.1

GHSA

GHSA-3cmp-fvxf-q58q: GitLab EE version 11↗2022-05-24

▶

GitLab

CVE-2018-19579: GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1.↗2019-07-10

▶

Debian

CVE-2018-19579: gitlab - GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Op...↗2018

▶