CVE-2019-12444Cross-site Scripting in Gitlab

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.1%
top 72.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian GitlabGitlab
Timeline
PublishedMar 10
Latest updateMay 24

Description

An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

debiandebian/gitlab< gitlab 12.6.8-3 (sid)
NVDgitlab/gitlab8.9.011.11.0
gitlabgitlab/gitlab

🔴Vulnerability Details

1
GHSA
GHSA-j8p4-7v92-r64p: An issue was discovered in GitLab Community and Enterprise Edition 82022-05-24

📋Vendor Advisories

2
GitLab
CVE-2019-12444: An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted i2020-03-10
Debian
CVE-2019-12444: gitlab - An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 1...2019